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Sun-MySQL integration: So far, so good 



BY ROBERT MULLINS 

Back in January, soon after the 
employees of Sweden-based 
MySQL had learned that the 
company was being acquired by 
Sun Microsystems, they were 
asked which elements of 
MySQL's corporate culture Sun 
should preserve. Their answers 
included the usual "diversity," 
"collaboration" and "communi- 
cation." But one response stood 
out: "Singing 'Helan gar.' " 

"Helan gar" is to Swedes what 
"99 Bottles of Beer on the Wall" 
is to Americans: a drinking song 
that for MySQL has become a 
hallowed, though still silly, tradi- 
tion. When 400 Sun and MySQL 
employees met in Orlando on 
Jan. 16 to announce the acquisi- 
tion, MySQL employees sere- 



naded their soon-to-be co-work- 
ers from Sun with "Helan gar" as 
people from both companies 
downed shots of vodka. The 
event is posted on YouTube 
(tinyurl.com/2zkc8f) for posterity. 

That bonding exercise set the 
tone for what has apparently 
been a smooth process of inte- 
grating MySQL's 400 employees 
into the 32,000-person Sun work 
force, while maintaining the 
progress of work on forthcoming 
releases of the data management 
platform. 

"We have had no allergic reac- 
tion," declared Marten Mickos, 
the former MySQL CEO who is 
now senior vice president of Sun's 
Database Group. 

Now comes the hard work of 
making MySQL a competitive 




7 want all the success for Solaris, 
but MySQL has a mission to build 
a database business ... that means 
continued support for Linux and 
Windows/ 



Marten Mickos, senior VP of Sun's Database Group 



database management product 
that large, established businesses 
would want to buy, a goal that 
has proved elusive. Startups and 
Internet companies such as 
Facebook, Google and Yahoo 
love MySQL, but old-school 
financial services and healthcare 
enterprises with mission-critical 
systems are reluctant to trust it. 



BIG IS BETTER 

"I thought we would get to the 
large corporations on our own, 
but I must admit that it didn't 
happen to us when we were a 
private company," said Mickos. 

The US$1 billion acquisition 

also brought MySQL quality 

assurance resources that were 

continued on page 30 ► 



MCCABE BUYS 
AGITAR'S ASSETS, 
UNIT TEST TOOLS 

BY DAVID WORTHINGTON 

McCabe Software has pulled ail- 
ing Java unit test toolmaker Agi- 
tar Software out of the ashes, 
acquiring all of the company's 
assets two months after Agitar 
had ceased operations. 

In announcing the deal re- 
cently, McCabe vowed to pro- 
vide a smooth transition, assert- 
ing that Agitar s customers would 
receive uninterrupted customer 
service and product support. 

Agitar began to wind down its 
operations in May (tinyurl.com 
/5r7uhz) and retained the services 
of Sherwood Partners LLC to 
renegotiate debt and monetize 
continued on page 35 ► 




Google leaves XML in dust 

Protocol Buffers will encode data formats galore 



BY DAVID WORTHINGTON 

Google's servers are awash with 
thousands of data formats — so 
much so that the company 
claims XML is not efficient 
enough to encode them all. 
Instead, Google has created an 
interface description language 
(IDL) and binary format for data 
interchange that it is sharing as 
an open-source project. 

Google made code (tinyurl 
.com/5d4bs5) and documenta- 



tion (tinyurl.com/68e2xe) for the 
Protocol Buffers format available 
on July 7, under the Apache 2.0 
open-source license. 

Google is using Protocol 
Buffers for communicating 
among its internal systems that 
use Remote Procedure Calls sys- 
tems and accessing persistent 
data storage. Developers can de- 
fine data structures using its def- 
inition language and then com- 
pile them, producing classes that 



represent those structures in a 
particular programming lan- 
guage, explained Google engi- 
neer Kenton Varda in a post 
(tinyurl.com/5hlyd9) to the com- 
pany's software engineering 
team blog. 

The classes, which are desig- 
nated as .proto files, can read 
and write structured data from 
data streams. At this time, lan- 
guage support is limited to C ++, 
continued on page 21 ► 



Windows 7 may borrow from .NET 



BY DAVID WORTHINGTON 

Reading conference agendas is 
like interpreting tea leaves: Ses- 
sions are dropped, descriptions 
do not always match the content 
and there's usually a long journey 
involved. But if the listings that 
appeared recently on the 
Microsoft Professional Develop- 
ers Conference Web site are to 
be taken literally, Microsoft plans 
to discuss new native communi- 
cations and graphics features, 
which appear to mirror .NET 
functionality, for Windows 7. 

The conference, commonly 
known as PDC, is scheduled for 
Oct. 27 to 30 in Los Angeles. This 
year's PDC is the first since 2005. 

The agenda for PDC 
(tinyurl.com/6qm5f8) lists ses- 
sions called Windows 7: Web 



Services in Native Code and 
Windows 7: Graphics Advances. 

Currently, Windows users 
must install the .NET Frame- 
work 3.0 or above to use the Web 
Services Protocol Stack that is 
built into the Windows Commu- 
nication Foundation, introduced 
last year with Windows Vista and 
also available through the .NET 
Framework 3.0 distribution for 
Windows XP 

Although the description of 
the Graphics Advances session 
does not divulge many details, a 
Microsoft job posting in March 
that sought a lead software 
development engineer for the 
Windows UI Platform Team 
appeared to indicate that the 
company was going to design and 
continued on page 34 ► 
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ALTERNATIVE THINKING ABOUT QUALITY MANAGEMENT SOFTWARE: 



Alternative thinking is "Pre" Precaution- Preparation, Prevention, 
Predestined to send the competition home quivering. 

tt's proactfvely designing a way to ensure higher quality In your 
applications to help you reach your business goafs. 

tt's understanding and locking down requirements ahead of 
time — because "Well, I guess we should 've* [ust doesn't cut it, 

It's quality management software designed to remove the 
uncertainties and perils of depioyments and upgrades, leaving 
you free to come up with the next big thing. 



Technology for better business outcomes. 



om/go/quofify 



19 




www.sdtimes.com 



Software Development Times 



■ August 1, 2008 ■ 



NEWS 



Borland to offer 'cockpit' for piloting ALM projects 

Programs designed to improve companies' infrastructures 



BY ROBERT MULLINS 

Borland Software is planning a 
trio of software offerings that 
provide what the company 
called a needed management 
layer over the range of products 
that are used for application 
life-cycle management (ALM). 

Borland Management Solu- 
tions (BMS), due out this fall, 
plugs into a company's ALM 
infrastructure, which typically 
is made up of different tools for 
each step of the software-build- 
ing process, said Rick Jackson, 
Borland's senior vice president 
of corporate strategy. 

"The customers that we see, 
especially in the Global 2000, 
are cobbling together best-of- 
breed products, trying to create 
an integrated solution, and they 
are failing," Jackson said. 

By releasing BMS, Borland 
fulfills a strategic plan it 
mapped out two or three years 
ago to provide this kind of man- 
agement layer, said Jim Dug- 
gan, an analyst with Gartner. 
That strategy has been taking 
shape amid what he called the 
"long-running soap opera" that 
has defined Borland for years. 

In May, Borland sold its 
CodeGear division to Embar- 
cadero Technologies for US$23 



'The customers that we see ... 
are cobbling together best-of- 
breed products, trying to 
create an integrated solution, 
and they are failing. ' 



—Rick Jackson, Borland's senior vice 
president of corporate strategy 




million, removing what had 
been a source of friction within 
Borland, said Duggan. He not- 
ed that the IDE business of 
CodeGear was fundamentally 
different from Borland's ALM 
tools business. ALM is high cost 
and low volume, while Code- 
Gear's IDEs were low cost and 
high volume. 

Investment analysts would 
visit Borland and hear com- 
plaints from Borland and 
CodeGear executives about 
each other, Duggan recalled. 
"They'd say, Those lunatics 
across the hall, they're going to 
ruin us, and vice versa,' " he said. 

Borland had brought in Tod 
Nielsen as CEO in 2005 and 
Erik Prusch as CFO in 2006, to 
try to turn the company around. 
Besides operating CodeGear as 
a business unit, Borland cut 



costs, moving its headquarters 
from its longtime home in Scotts 
Valley, Calif., to less-expensive 
offices in Austin, where the 
labor market is also cheaper 
than it is in Silicon Valley. 

Yet troubles persisted. Bor- 
land reported a net loss of $61.7 
million in 2007 and another $22 
million in the first quarter of 
2008. Borland's stock has been 
selling below $2 since April. 

While Borland has been 
innovative, its execution has not 
matched that, Duggan added. 
Often, the company has been 
unable to compete with indus- 
try giants like IBM and 
Microsoft. 

"It's been Borland's lot to get 
the ideas out there," Duggan 
said, "and then get trampled in 
the rush as everybody grabs 
share from them." 



CHOICE OF THREE 

A customer can use any or all of 
the three BMS products to pro- 
vide a "cockpit" for monitoring 
the application life cycle: 
TeamDemand, which helps align 
software requirements to actual 
business needs; TeamFocus, 
which serves as a dashboard to 
monitor the progress of applica- 
tion development; and Team 
Analytics, a set of business intel- 
ligence tools that measure the 
performance of the software. 

Some of Borland's Global 
2000 customers are already 
using BMS under an early- 
access program launched this 
year, but the product won't be 
generally available until the fall, 
Jackson said. No pricing infor- 
mation was discussed as part of 
the announcement. 

Although some of the capa- 
bilities in BMS might duplicate 
what is available in the individ- 
ual ALM tools, BMS lets the 
user interact directly with the 
information already in the 
tools, he said. 

"We're trying not to displace 
them, but complement them 
with an end-to-end process 
framework and end-to-end man- 
agement environment that sees 
all, monitors all," Jackson noted. 



Only Borland and IBM 
Rational offer such an end-to- 
end suite of ALM tools, Jackson 
said, though he added that 
BMS beats the IBM offering in 
end-to-end management. 

Other vendors fall short in 
their efforts to provide end-to- 
end ALM, Jackson argued. Some 
companies that use Microsoft's 
Visual Studio, for example, turn 
to Borland's Caliber for require- 
ments management because 
Microsoft doesn't "have an 
answer for that." Likewise, he 
added, Visual Studio users also 
turn to Hewlett-Packard's 
tools — or at least the ones it 
acquired with Mercury Interac- 
tive — for quality verification. 

In other situations, when 
development managers employ 
Microsoft tools, it's to use Pow- 
erPoint or Excel to create their 
own progress reports, making 
for a laborious process, noted 
Chuck Maples, vice president 
of application development at 
Borland, which has been using 
BMS internally for about a year. 

"Reporting through Power- 
Point and Excel is a thing of 
the past," Maples said. "Days 
spent guessing and haranguing 
my teams for progress updates 
are also gone." I 



DevExpress refreshes components 



BY DAVID WORTHINGTON 

Component maker Developer 
Express has shipped a major 
update to its DXperience suite of 
.NET controls for ASP.NET and 
Windows Forms, and is intro- 
ducing a text-editing compo- 
nent. 

A beta release of DXperi- 
ence v2008 vol. 2 became avail- 
able last month, and it affects 
the entire line of ASP.NET con- 
trols. Also included are two new 
WinForms controls, XtraWiz- 
ard and XtraGauge Suite. 

Common changes across all 
ASP.NET controls include a 
new class for performing com- 
mon client-side operations; the 
ability to declare custom proper- 
ties on the server side for client 
control; client-side disabling or 
enabling of a particular control 
or control elements; a property 
to distinguish between callbacks 
and postbacks; and native ren- 



dering for data editors that uses 
HTML input elements, the 
company said. 

On the WinForms side, the 
update adds a skinning library. 
WinForms data mining, report- 
ing and visualization compo- 
nents were also updated with 
their ASP.NET counterparts. 

The new XtraWizard control 
generates multi-step wizard 
dialogs for WinForms applica- 
tions, which conform to 
Microsoft's Wizard 97 or Wizard 
Aero guidelines. Wizards can be 
skinned and pages can be pre- 
viewed at design time with their 
runtime appearance, complete 
with navigation buttons. 

Also new is the XtraGauge 
Suite, which provides Win- 
Forms components for dash- 
board-style applications. The 
suite comes with 84 predefined 
layouts and visual styles, con- 
sisting of circular, digital, linear 



and state indicator gauge types. 

CTO Julian Bucknall said 
that the DXperience suite 
includes many changes that 
customers have sought. A 
detailed list of changes for indi- 
vidual controls within the suite 
and the company's eXpressApp 
business application Frame- 
work are available on the Dev- 
Express Web site. 

Also last month, DevExpress 
released a beta build of its ASPx- 
HTML Editor v2008 vol. 2 suite 
for ASP.NET ASPxHTML Edi- 
tor offers integrated spell check- 
ing, pre-defined text formatting 
styles and full XHTML compli- 
ance, according to the company. 
This beta contains the ability to 
modify the appearance of the 
control, making it appear as a 
rich text editor within a Windows 
application, Bucknall said. 

He said that potentially dan- 
gerous tags are disallowed. I 




VERHAULED IPHONE 
NOT WORTH THE CRUSH 

Lame applications do little to impress 
a veteran smartphone user 



BY P.J. CONNOLLY 

By all standard measures, the 
relaunch of the iPhone as a 
3G wireless platform on July 
11 might be called a 
success. After all, 
within the first three 
days, Apple and its outlets had 
sold more than a million 
devices, while the new online 
App Store had served 10 mil- 
lion downloads. 

However, tales of low activ- 
ity at some Apple stores and a 
well-publicized meltdown of 
the iTunes Store, which broke 
under the strain of trying to 
activate the phones of Day 1 
buyers, could suggest that the 



ANALYSIS 



magic has left Apple. 

I wouldn't count on that 
just yet. The Apple of today is 
not the company that stuck its 
neck out with the 
Newton. AppleTV 
notwithstanding, the 
folks running the show in 
Cupertino aren't making many 
lasting mistakes these days. 
Instead, they have turned the 
mobile world on its head dur- 
ing the past 13 months. 

I'm inclined to overlook 
the company's spectacular 
embarrassment with the first- 
day activation issues as one of 
those predictable, but imagin- 
continued on page 35 ► 
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Sun-Intel partnership bearing fruit 



BY ROBERT MULLINS 

SAN FRANCISCO — The 
year-and-a-half-long partnership 
between Intel and Sun 
Microsystems is showing results, 
executives of both firms recently 
told journalists at a briefing. 

With teams of Sun engineers 
regularly visiting Intel offices to 
collaborate, and Intel engineers 
likewise visiting Sun offices, the 
blended teams have shared 
intelligence that's allowed them 
to tweak OpenSolaris, the open- 
source OS, and the Solaris 10 
commercial OS, to take advan- 
tage of Intel's processor fami- 
lies, such as the Xeon line, as 
well as the upcoming Nehalem. 

"Sun's access to Intel archi- 
tecture has allowed us to do 
things in Solaris we hadn't done 
before," said Herb Hinstorff, 
director of marketing at Sun for 
Solaris. 

The collaboration also makes 




life easier for application devel- 
opers seeking to optimize their 
software to run on Intel chips, 
added Intel's Dave Stewart, a 
software engineering manager. 

Developers often have to do 
a lot of tinkering with an appli- 
cation to adapt to new proces- 
sor instructions, Stewart noted, 
and sometimes they have to sig- 
nificantly redesign it. That task 
doesn't completely disappear 



for developers using the latest 
versions of OpenSolaris and 
Solaris, he added, but it gets 
significantly easier. 

For example, Stewart said, 
"there is some automatic per- 
formance tuning, just from the 
work that we're doing together 
on the operating system." As 
well, he continued, "There are 
[OS] functions we have already 
optimized for new processor 



instructions, so they can auto- 
matically make use of these 
new instructions and get good 
performance." 

The Sun-Intel collaboration 
is also showing results in faster 
performance of Java-based soft- 
ware applications on Intel 
processors, the companies said. 
Sun, which created the Java lan- 
guage, reported at its JavaOne 
2008 conference in May a 68% 
rise in Java performance from 
before the partnership, accord- 
ing to industry benchmarks. 

The optimization effort will 
continue, as Intel expects to ship 
its first Nehalem line of proces- 
sors later this year. Nehalem is 
the code name for Intel's newest 
45-nanometer processor, which 
will feature an embedded mem- 
ory controller and simultaneous 
multithreading. It uses Intel's 
new Hi-k metal gate silicon 
technology, which the company 



says allows increases in transis- 
tor switching speeds while 
reducing electrical leakage. 

Nehalem and Solaris are 
both being tuned to increase 
performance, energy efficiency, 
reliability and virtualization in 
IT systems, said Intel's Stewart. 

The next scheduled release 
of OpenSolaris, due in Novem- 
ber, will be optimized to run on 
Nehalem, said Sun's Hinstorff. 

"People can actually go to 
the OpenSolaris Web site, 
where they can actually see and 
monitor the project," he 
explained. "All of the work that 
Intel and Sun have been 
putting into OpenSolaris to 
support Nehalem will be avail- 
able in the release at that time." 

Developers can expect to 
hear more about the collabora- 
tion between the two at the Intel 
Developer Forum, scheduled for 
Aug. 19 to 21 in San Francisco. I 



Cast Iron opens data integration bottleneck 

Appliance speeds migration of on-premises data with SaaS 



BY ROBERT MULLINS 

Software-as-a-service is becom- 
ing so popular that SaaS 
providers have a backlog of or- 
ders. One appliance maker has 
updated its solution to hand- 
coding software for migrating 
data from the client to the 
cloud, addressing at least part 
of the backlog. 

Cast Iron Systems introduced 
on July 22 the iA4000 appliance, 
which replaces the iA3000 intro- 
duced three years ago. Among its 
new features is the capability to 
migrate data from the client's on- 
premise data center to the SaaS 
provider's cloud, as well as mov- 
ing data between clouds, without 
time-consuming coding work, 
said Chandar Pattabhiram, Cast 
Iron's vice president of product 
marketing, who calls the migra- 
tion process "onboarding." 

The benefit, Pattabhiram 
said, is that not only does the 
migration take place faster but 
it also happens at less cost in 
professional services. 

The appliance offers various 
configuration management 
choices, or "connectors," that 
allow point-and-click data 
migration as an alternative to 
coding the process, Pattabhi- 
ram said. Customers told Cast 
Iron they preferred to migrate 



data using a mouse instead of a 
keyboard, he added. 

Cast Iron partners with SaaS 
providers such as NetSuite and 
Salesforce.com to offer the ser- 
vice for their clients, and also 
offers it to companies that want 
to handle data migration them- 
selves, he continued. 

The iA4000 is provided 
through subscription (US$1,500 
per month), Pattabhiram 
explained. The appliance can be 
installed on the customer's IT 
network or hosted on Cast 
Iron's for the same price. 

Data integration solutions 
help overcome some customer 
resistance to adopting SaaS, 
noted Pattabhiram, who point- 
ed to a 2008 Forrester 
Research survey in which 65% 
of respondent companies not 
adopting SaaS cited integration 
worries as the chief obstacle; 
that was up from 58% in 2007. 

Also, Saugatuck Technology, 
which specializes in SaaS 
research, asked existing users 
how satisfied they were with 
various aspects of SaaS. Data 
integration ranked 13th out of 
14 satisfaction items listed, with 
just over 40% saying they were 
satisfied with their experience. 

SaaS providers need to focus 
on integration issues because, 



for the most part, customer con- 
cerns about the reliability and 
security of SaaS offerings are 
resolved, said Jeff Kaplan, man- 
aging director of the research 
firm THINKstrategies. 

Kaplan mentioned compa- 
nies such as Boomi, Hubspan 
and Pervasive Software as offer- 
ing some of the same data inte- 
gration solutions as Cast Iron's, 
though he considered Cast 
Iron's approach unique, as it is 
an appliance that can be operat- 
ed on premise or in the cloud. 

"Anything that can acceler- 
ate that integration process is a 
good thing," Kaplan noted, 
adding that it applies to cus- 
tomers who reduce the time-to- 
value, and for the SaaS 
providers as well, as they can 
now "focus on advancing their 
own functionality and not have 
to worry about the associated 
issues of integration." 

The first step in data inte- 
gration, Pattabhiram explained, 
is "cleaning" the data, or fixing 
mistakes and discrepancies. For 
example, a company may have 
collected sales leads by scan- 
ning the ID badges of trade 
show visitors, but the data may 
have duplicates or errors. The 
appliance now also adds to the 
database by going to a third- 




Chandar Pattabhiram, VP of 
product marketing for Cast Iron 

party site for additional infor- 
mation. The sales leads in this 
example may merely list a com- 
pany, but the iA4000 can go to a 
Dun & Bradstreet Web site to 
collect revenue information on 
that company, he explained. 

In addition to data scrub- 
bing, the appliance also offers 
application templates for pre- 
senting data in the SaaS envi- 
ronment, Pattabhiram pointed 
out. These are derived from 
Cast Iron's collection of tem- 
plates from the thousands of 
integrations it has done so far. 
Customers can select from the 
collection or customize tem- 
plates for specific needs. I 



DATA FLOW 
ANALYZER SPOTS 
FLAWS EARLIER 

BY DAVID WORTHINGTON 

Defects such as cross-site script- 
ing vulnerabilities often go unno- 
ticed until after the software has 
shipped. A developer of life- 
cycle quality tools has introduced 
a data flow analyzer to help 
developers spot application 
security flaws earlier in the cycle. 

Parasoft has introduced new 
data analysis capabilities, Appli- 
cation Security Solution. The 
server-based technology simu- 
lates application execution paths 
and maps data flow logic. 

The analysis engine on the 
server uses scanning patterns to 
detect vulnerabilities, including 
cross-site scripting flows, data 
exposure and SQL injection. The 
engine works on several pro- 
gramming languages, said Wayne 
Ariola, vice president of corpo- 
rate development at Parasoft. 

Gartner fellow and vice 
president Neil MacDonald said 
in a statement, "The notion of 
application 'quality' which has 
traditionally focused on func- 
tionality and performance, 
must be expanded to include 
security. Native integration of 
security testing capabilities into 
the [tools] will increase the like- 
lihood of acceptance by the 
development organization." I 
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Ruiz out as CEO of AMD, but remains as chairman 



BY ROBERT MULLINS 

Beleaguered microprocessor 
maker AMD was confined to 
the boardroom on July 17, the 
same day the company reported 
dismal financial results. 



The Sunnyvale, Calif. -based 
corporation announced that the 
AMD board had named Dirk 
Meyer, at the time the presi- 
dent and COO, to replace Hec- 
tor Ruiz as CEO. Ruiz, who had 



been at the helm for six years, 
will stay on as executive chair- 
man and chairman of the com- 
pany's board. 

AMD described his new 
role as ensuring "a smooth 



executive leadership transi- 
tion." The announcement also 
described the personnel 
change as "the final phase of a 
two-year succession plan devel- 
oped and implemented jointly 
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by AMD's board of directors 
and executive team." 

AMD had long been strug- 
gling against Intel in the market 
for the chips that run the 
worlds computers and servers. 
But in 2003, AMD got the jump 
on Intel by developing the first 
commodity 64-bit architecture 
CPUs. Intel's didn't come out 
until 2004. 

However, more recently, 
AMD has had a difficult time 
matching that success. For 
instance, its quad-core Opteron 
processors, launched in 2007, 
have suffered production delays 
and performance problems that 
forced the departure of its 
CTO, Phil Hester, in April. 

AMD reported a US$1.2 bil- 
lion net loss, or $1.96 per share, 
on revenue of $1.35 billion in 
the quarter ended June 28, a 
widening of the net loss of $600 
million, or $1.09 a share, on 
$1.31 billion in revenue for the 
year-ago quarter. 

In addition, prestige client 
DreamWorks Animation an- 
nounced last month that it was 
switching from AMD to Intel 
chips for its servers; the compa- 
ny is perhaps best known for 
the animation hits "Shrek" and 
"Kung Fu Panda." I 

SPREADSHEET FOR 
SHAREPOINT ROLLS 

BY DAVID WORTHINGTON 

A .NET component maker has 
unveiled an application in the 
form of a Web Part for Share- 
Point that presents SharePoint 
list data as a customizable 
spreadsheet to be integrated 
with external Web services. 

FarPoint Technologies re- 
leased Spread for SharePoint, 
an ASP.NET spreadsheet com- 
ponent for Microsoft Share- 
Point Services 3.0. Installation 
integrates Spread with Share- 
Point List View customizations, 
including column order, col- 
umn visible, filter, group by 
totals and sort. 

Spread lets users create per- 
sonalized views of SharePoint 
lists by setting column format 
elements such as alignment, 
background and font color. 

Spread comes in two edi- 
tions: Standard (US$995) and 
Professional ($1,495). The lat- 
ter has an unsealed base class 
that can be extended into a cus- 
tomized Web Part. I 
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Fujitsu Interstage provides cross-division processes 



BY DAVID WORTHINGTON 

In an attempt to make it easier 
for enterprises to create cross- 
division processes, a business 
process management (BPM) 
software developer has updated 



its tools to consolidate multiple 
applications onto one server for 
centralized management. 

Fujitsu has released version 
10 of Interstage Business Pro- 
cess Manager. It is designed for 



application partitioning, which 
allows multi-tenant deployment, 
the company noted. 

BPM is now an accepted 
concept, but it requires spe- 
cialized skills, said senior vice 



president of research and 
development Keith Swenson. 
Application partitioning per- 
mits businesses to pull that 
skill into one group, he added. 
Partitioned applications are 
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managed independently so that 
one division is not manipulating 
or viewing the processes from 
different divisions, Swenson 
explained. 

Interstages business moni- 
toring and simulation has new 
analysis and troubleshooting 
abilities in this release, and it 
now includes tools for design- 
ing user interfaces, as well as 
for deploying service mashups 
and composite applications. 

Processes can be monitored 
for outliers that fall outside of 
established conditions; those 
outliers trigger a notification via 
e-mail or a call to an external 
system. Process information 
can be combined with business 
data and stored in a data ware- 
house, to be analyzed for pro- 
cess improvement. 

Analytics are transferred to 
an Online Analytical Processing 
engine to give users a historical 
retrospective that can break out 
processes according to their 
data, said Swenson. 

Users can simulate process- 
es using hypothetical arrival 
rates for work that are defined 
in the Eclipse-based Interstage 
Business Process Manager Stu- 
dio environment. Simulations 
mimic real conditions by allo- 
cating resources according to 
the business calendar. 

The Interstage Studio also 
includes a new WYSIWYG 
designer for creating AJAX- 
based forms. AJAX interfaces 
can be put into mashups incor- 
porated with applications such 
as Google Maps, according to 
Swenson. 

"We have always been ori- 
ented to quickly developing 
applications," he said. "What is 
unique about our approach is 
that users can draw a process 
[in BPMN] and run it immedi- 
ately without any program- 
ming," adding that Interstage 
has the ability to modify run- 
ning processes. I 



Oldies But 
Goodies! 



Come up to speed on the 

latest technologies. 

Visit the SD Times 

Web Seminar Archive at 

http://bzmedia.com/webseminar/ 



www.sdtimes.com 



Software Development Times 



■ August 1, 2008 ■ 



NEWS 



Adobe turns over the PDF keys to ISO 



BY DAVID W0RTHINGT0N 

The Portable Document For- 
mat (PDF) specification may 
have already seemed like a 
standard, but now it's official. 

Adobe Systems has relin- 
quished control of PDF to ISO 
International, which in turn has 
formally adopted the format as 
a global standard for electronic 
documents. 

PDF will now be formally 
known as ISO 32000-1, accord- 
ing to ISO. It will assume the 
responsibility for publishing 
the specifications for PDF ver- 
sion 1.7 and for updating and 
maintaining all future versions 
of the format. 

PDF received global accep- 
tance in December, when par- 
ticipating countries voted near- 
ly unanimously to approve PDF 
1.7 as an ISO standard. 

While ISO approval will 
further legitimize PDF for 
those organizations that are 
sticklers about ISO approval, 
PDF is almost universally 
accepted, even in government, 
said Guy Creese, a vice presi- 
dent and research director of 
Burton Group. "The ISO 
approval further legitimizes 
that usage," he added. 

What's more, the percep- 
tion that Adobe is a platform- 
neutral vendor will contribute 
to its acceptance, Creese said. 
"Adobe is seen as an 'open' 
proprietary vendor, and that 
makes all the difference in 
the world." 

Several subsets of the PDF 
format had already been 
approved by ISO as interna- 
tional standards: PDF for 
Archive, PDF for Engineering 
and PDF for Exchange. 

Meanwhile, PDF for Uni- 
versal Access remains on the 
organization's docket. The 
Association for Information 
and Image Management stan- 
dards committee currently 
oversees it, and it was also 
responsible for submitting 
PDF 1.7 to ISO. 

ACROBAT 9 ROLLS 

In related news, Adobe has 
released Acrobat 9, which 
includes updates of Adobe 
Creative Suite, Acrobat Pro 
and Acrobat Standard, as well 
as Adobe Reader for Mac OS X 
and Windows. As an alterna- 
tive form of distribution, the 
company is beta-testing a line- 
up of hosted services at 



www.acrobat.com. 

Acrobat 9 has native sup- 
port for PDF 1.7, Adobe 
Extension Level 3, which is a 
backward-compatible exten- 
sion to ISO 32000-1. Adobe 



was continuing to add features 
to the PDF language while 
ISO was standardizing PDF, 
said company spokesperson 
Kate Sellers Blatt. 

"However, since the ISO 



32000 committee was able to 
achieve their standardization 
efforts more quickly than we 
anticipated, the advances made 
with Acrobat 9 are not part of 
that document and, instead, are 



Adobe Extensions to ISO 
32000-1," she added. The com- 
pany is working with the ISO 
32000 committee to see the 
extensions natively incorporat- 
ed into 32000-2. I 
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Microsoft and ASG Software have created an API that connects 
Microsoft Systems Center Operations Manager to ASG's Business 
Service Platform, which the companies said combines Microsoft serv- 
er performance information with business service management 
. . . DevExpress has released a public beta of 
its AgDataGrid suite for Silverlight, which 
implements smart loading of the Silverlight grid's Ul for smaller con- 
trol load times, the company said. The AgDataGrid beta features data 
grouping and sorting against multiple columns, column movement and 
resizing, and row editing . . . Live content archiving product maker 
Mimosa Systems has released an SDK for its Near Point platform for 
content archiving and monitoring, as well as for regulatory compli- 
ance. The free SDK allows developers to extend the platform's capa- 
bilities for more content sources, including content stored on backup 
tapes, records management and business intelligence products . . . 
MVP Systems, a provider of automation and application scheduling 
software, has released SaaSMonitor.com, a software-as-a-service 
(SaaS) application that monitors servers, network devices and appli- 
cations. The company said that monitoring is done relatively quickly 
because there is no software to deploy. The product has an alerting 
system that notifies the user when an issue is detected. 



_L 



UPDATES 



_L 



TotalView Technologies has added the ability to run on the Cell Broad- 
band Engine architecture in version 8.5 of its namesake source 
debugger. The latest version works with Cell Broadband Engine-based 
Linux systems by way of the IBM Cell SDK, according to the company. 
IBM Blue Gene/P platform interoperability in the debugger now 
includes asynchronous control of threads created by Open MP and 

continued on page 12 ► 



Embarcadero rolls DB Optimizer, 
the first post-CodeGear product 



BY ALAN ZEICHICK 

It's only been a month since 
Embarcadero closed on its July 
1 purchase of CodeGear, but 
the early fruits of that acquisi- 
tion are being seen with 
Embarcadero's first post-acqui- 
sition product release. 

DB Optimizer is a SQL pro- 
filing and tuning tool that the 
company says is synergistic with 
both Embarcadero's classic line 
of database utilities and Code- 
Gear's IDEs. 

According to Embarcadero, 
DB Optimizer can help fine- 
tune an application's SQL state- 
ments. First, it monitors the 
SQL queries in the code by 
analyzing CPU and I/O metrics. 
Then, developers can use those 
metrics to rewrite SQL queries 
to be faster and more efficient. 

The product comes in sepa- 
rate versions for IBM's DB2, 
Microsoft's SQL Server, and 
Oracle's and Sybase's database 
management systems, accord- 
ing to the company. DB Opti- 



mizer costs US$1,875 for a sin- 
gle seat; volume licensing can 
drop that to $1,500 per seat. 

The software includes an 
existing Embarcadero product, 
PowerSQL Professional Edi- 
tion 1.1, which is an Eclipse- 
based IDE that offers code 
completion and syntax valida- 
tion of SQL statements. 

According to Embarcadero, 
DB Optimizer offers visualiza- 
tion of wait- time analysis to eas- 
ily pinpoint SQL statements 
that might cause poor database 
performance, with drill-downs 
detailing the activity informa- 
tion for an individual statement. 
Real-time quick fixes automati- 
cally flag and correct inefficient 
SQL code. 

Michael Swindell, who had 
been with Borland and Code- 
Gear since 1997, is now vice 
president of products at Em- 
barcadero. He said that DB 
Optimizer is the first of several 
planned products that will 
extend CodeGear's reach into 



databases, under the new Data- 
baseGear brand. 

"By bringing together Data- 
baseGear and CodeGear tools 
and technology, Embarcadero is 
delivering a complete portfolio 
of platform-independent opti- 
mization tools for both applica- 
tion developers and database 
professionals," Swindell said in 
a statement. 

Embarcadero, already well 
known for its data modeling, 
data transformation and SQL 
building tools, made headlines 
in May when it announced the 
pending acquisition of Code- 
Gear from Borland. The pri- 
vately held Embarcadero paid 
approvimately $23 million for 
CodeGear and pledged to invest 
in CodeGear's IDEs. 

Since divesting itself of its 
CodeGear division, Borland has 
launched Borland Management 
Solutions, a software delivery 
platform based on an open 
application life-cycle manage- 
ment framework. I 
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Good quality assurance means delivering a great product with 
fewer follow-up hassles. Great quality assurance can even mean 
more efficient workflow and higher profits. AutomatedQA, 
named to the 2008 SD Times 100, the annual listing of the top 
innovators and leaders in software development, provides great 
QA at a great price. 

"Affordability is what sets us apart from other automated testing 
tools," says Derek Langone, the company's president. "Automat- 
edQA delivers enterprise-quality automated testing software at a 
price point that any organization can afford." 

AutomatedQA (www.AutomatedQA.com) is bringing the ability 
to run automated testing to every development team, no matter 
how large or small. "For too long, automated testing has been out 
of reach for all but the biggest software development organi- 
zations," says Langone. "We're focused on lowering the 
barriers to entry, so every developer, regardless of 
size, can leverage test automation throughout 
their development life cycle." 

The company's tools deliver immedi- 
ate and substantial ROI. "The enter- 
prise-quality features allow soft- 
ware development and QA teams 
to keep up with the ever-in- 




creasing testing workload without increasing head- 
count," Langone says. 

The flagship product, TestComplete, makes it simple 
to get started with automation by including its automated function- 
al, unit, regression, manual, data-driven, object-driven, distributed 
and HTTP load, stress and scalability testing, in one easy-to-use and 
totally integrated package. 

TestComplete is a systematic, automated and structured testing 
tool, with superior support for .NET, Java, Visual C++, Visual Basic, 
WPF, Delphi, C++Builder and Web applications. It is equally adept at 
testing 32-bit and 64-bit applications. With TestComplete, you can 
also test PowerBuilder, FoxPro,Access and many other applications. 

AutomatedQA also offers Automated Build Studio, a powerful 
build and release management system; AQtime, a performance and 
memory profiler for Win32 and .NET applications; and AQDev- 
Team, a scriptable bug tracker that comes with a graphical workflow 
manager that makes using this tool super-easy. 

"Across our product line, AutomatedQA delivers the industry's 
best blend of value and functionality," says Langone. Plans for the 
near future include improving the depth of support for Windows, 
.NET, Java, WPF applications and Web services. (^ 

AutomatedQA 
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MORE UPDATES 



3 RE ALbasic 



< continued from page 10 

Pthreads . . . Real Software shipped REALbasic release 3 r aimed at 

Linux, Mac OS X and Windows plat- 
forms. Included is a new language 
feature called Attributes, a project analyzer that the company says 
can warn of deprecated functionality and other issues, and an inte- 
grated profiler that allows the tracking of performance issues without 
having to recode the application . . . Cenzic announced the 5.7 
release of Hailstorm Professional and Hailstorm Enterprise ARC, 
which the company said includes PCI compliance reporting that 
adheres to the PCI Council Reguirement 6.6 for data input protection, 
as well as stronger Web services support, a new user interface for the 
ARC desktop client, and usability and workflow improvements for the 
ARC dashboard . . . Model-driven development company Intelliun has 
released Virtual Enterprise 6.0, which adds support for .NET and 
SOA development on top of its Java EE support. Intelliun adopts the 
Unified Modeling Language standard, which allows people to build 
applications without having to write actual code . . . Austria-based 
automated software testing company Ranorex has released a new ver- 
sion of its flagship software testing application, Ranorex 1.5. One of its 
new features is Ranorex Studio, a test development environment that 
permits users to create test automation projects through a single 
interface, according to the company. 



PEOPLE 



Mark Hoffman was named chairman and CEO of Enquisite, a maker of 
search analytics products. Hoffman was previously CEO of Everdream, 
a SaaS company that was acquired by Dell in December 2007, as well 
as the CEO and chairman of e-commerce specialist Commerce One. He 
has more than 25 years of experience in the software industry. I 



Altova adds BPMN to UModel 



BY DAVID WORTHINGTON 

The developer of a Unified 
Modeling Language (UML) 
tool has enabled the tool to 
draw business process work- 
flows in Business Process Mod- 
eling Notation (BPMN) and has 
updated its application lan- 
guage support. 

Altova last month released 
UModel Version 2008 Release 
2 (v2008r2), a UML tool for 
visually designing application 
models. It is available in Enter- 
prise and Professional editions, 
with pricing starting at US$139. 

The new release adds code 
generation and reverse-engi- 
neering features for C# 3.0, Java 
6.0 and Visual Basic 9.0, the 
most recent versions of those 
languages. The Enterprise edi- 
tion can plug into Eclipse as 
well as Visual Studio 2005 and 
2008, while the Professional 
edition is a standalone product. 

UModel can reverse-engi- 
neer code from unobfuscated 
applications and binary files, 
said David McGahey, Altovas 
product marketing manager for 
UModel. 
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UModel adds code generation and reverse engineering for CH3.0, Java 6.0. 



Both editions of UModel 
support the Object Manage- 
ment Groups BPMN 1.1 speci- 
fication. Object Management 
Group is responsible for main- 
taining the BPMN specification 
and is currently producing a rec- 
ommendation for BPMN 2.0. 

UModel Enterprise has new 
diagramming functionality in 
this release, including diagram 
layers, in which diagram ele- 
ments can be assigned and 



grouped to a specific layer. 

UModel Enterprise v2008r2 
"acts more like a drawing pro- 
gram" than before, McGahey 
explained, adding that users can 
construct complex diagrams out 
of multiple layers to view and 
hide individually, thus provid- 
ing different perspectives of the 
model. For example, state dia- 
grams can be displayed with 
multiple sub-states on separate 
layers, he pointed out. I 




Black Duck 

Software developers often save time by integrating disparate open- 
source components — it sure beats reinventing the wheel when creat- 
ing applications. But what about the licenses? Best practices call for a 
component management system to prevent license violations and to 
ensure proper credentialing. Black Duck Software, named to the 2008 
SD Times 100 list of industry leaders, provides the best tools available 
for open-source management. 

Black Duck CEO Douglas A. Levin attributes that excellence to the 
company's consistent vision: "Corporations want to utilize open- 
source and third-party components to drive down the cost of devel- 
opment and speed time-to-market. Managing those components in an 
enterprise requires infrastructure that scales to the complexity of the 
problem.We deliver technologies through the entire life cycle that sup- 
port the selection, utilization and verification of these 
components." 

Black Duck's services adapt to your own com- 
ponent management requirements, no mat- 
ter what your specific needs. When you 
have questions, Black Duck's customer 
support service is top priority, with 
quick responses and expert help in 
diagnosing and solving problems. 




And when you need to find just the right component, 
the Koders.com free online code search engine opens 
a whole world of downloadable code. Black Duck con- 
sulting services can guide you through software compli- 
ance management and open source, proposing solutions that balance 
demands for technical innovation and controllable costs. 

Black Duck is committed to providing advanced technology that 
accelerates software development. "We will continue to add function- 
ality to our product line, emanating from our own technology road 
map and from customer requests," Levin explains, describing Black 
Duck's customer council, which consists of representatives from com- 
panies of various sizes and industries. 

When it comes to listening, Black Duck is an active participant in 
every way. "Our product managers go out and meet with customers 
and listen for their requests, both explicit and implicit, in the operating 
environment," Levin says. 

"Software developers, their managers and lawyers who work with 
development teams have always been our best customers. They are 
absolutely the key to our success, and we will continue to listen to 
them," he concludes. Learn more at BlackDuckSoftware.com. ® 
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VBrful Imaging DDvelopmcnt SDK 



LEADTOOLS v. 15 - 

wpf, A J AX, .NET, API, COM and more... 

Develop your application with the same time-tested and robust 
Imaging code used by Fortune 1000 companies such as 
Microsoft, MP, Kodak, Corel,. GE, Canon, Ford and CitlCorp, 
LEADTOOLS pravrdes developers easy across to decades of 
expertise in developing eotor, grayscale, document, medical, 
vector and multimedFa imaging code. Install LEADTOOLS to 
eliminate months of research and development time whMe 
maintaining high levels of quality, performance and Functionality. 

• WPF (XAML) controls: Viewer, Image Ust and more 

• A J AX Web Form Image controls 

• WIC enabled codecs: automatic integration with WPF/WIC 
applications 

■ Image formats: 150+ Including TIFF r HD Photo, JPEG, JPEG2Q00, 
PDF, XPS, [>WG and mora 

■ Dispiay controls: scroll, zoom, pan, brightness, window level 



- WIA scanning: supports 32 and 

64 bit drivers 

■ TWAIN scanning: auto-detect 
optimum driver settings for fastest 
scanning 

* Image procassing: 200 I filters, 
transforms and coSor conversion 
functions 

* Document 

cleanup/ preprocessing: deskew, 
de speckle, registration and more 

* OCR / icr / CM Ft: most accurate 
recognition with formatted Output 
(PDF, DOC, TXT and more) 

■ Barcode: read and print 1D/2D 
(DataBar/RSS, UCC/EAN r 
DataMatrix, QR, PDF and more) 

* Bifconal compression; JBIG, 
JBIG2, LEAD ABC, CCITT G4 and 
mnre 

■ Annotations: Interactive UI for 
mark-up objects Including shapes, 
text, measurement, security, 
multimedia and more 

* Grayscale imaging: display and 
process signed/unsigned 12-16 bit H 

3Z bit data 

■ DICOM: All IOD classes and 
modalities (Cft, CT r MR, MM, US, RF, 
sc, VL and morej 

■ DICOM communications: 
high/Eow-leuel functions For all 
service classes 

■ Multimedia; capture, play, stream 
and convert DVD, MPEG, AVI, WMV, 
MP4, MP3, OGG, ISO and more 

* PVD: creation and burn 

* PDF: read/write w/ibh MRC 
compression 
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Krugle upgrade targets 
code maintenance issues 

Analyst: Companies crave this search capability 



BY ROBERT MULLINS 

Software code search specialist Krugle 
thinks code maintenance tasks can be 
simplified with better search functions 
against software in development and 
already deployed — something an indus- 
try expert says is sorely needed. 

Krugle last month released its Enter- 
prise 2.3 search appliance, which plugs 
into an application life-cycle manage- 
ment system and finds the sections of 
code that need fixing in a maintenance 
upgrade, even when the 
code is slightly reconfig- 
ured for different end 
users, the company said. 

Depending on the 
size of the business and 
its code maintenance 
workload, more efficient 
code search could save 
from US$4 million to 
$20 million annually, 
said Mel Badgett, 
Krugles vice president 
of product marketing, 
citing an industry-stan- 
dard calculation method. 

Badgett suggested 
that, for example, soft- 
ware is written to run 
on cell phones but must 
be reconfigured for dif- 
ferent wireless carriers 
and handset makers. Deploying a soft- 
ware upgrade or bug fix could be com- 
plicated and costly, depending on the 
number of supported platforms. 

"What happens right now," he contin- 
ued, "is that a lot of the [post-release] 
development and maintenance ... hap- 
pens independently." 

But a software maker could use 
Krugle s code "snippet" feature to search 
for exact matches in the code, he noted, 
as well as similar matches that could be 
reconfigured code in different branches 
or releases of the software. The Krugle 
appliance searches for the section of 
code that is a problem in all occurrences 
of that software. 

"You're coordinating all these 
efforts," Badgett added, so that develop- 
ment teams don't wind up managing 
their mistakes in isolation from the rest 
of the IT effort. 

Companies with billions of lines of 
source code need this kind of search 
capability, said Theresa Lanowitz, 
founder of research firm Voke, as prac- 
tices such as component development 
and parallel development take hold. 

Component development refers to 
sections of code combined to perform a 




'What happens right now is 
that a lot of the [post- 
release] development and 
maintenance ... happens 
independently.' 

—Mel Badgett, Krugle r s vice 
president of product marketing 



specific function and plugged into a soft- 
ware project. Parallel development re- 
fers to sections of code placed on differ- 
ent "branches" in a code project that 
have slightly different configuration, as 
in the cell phone example above. 

"The fact that Krugle is saying, 
'We're going to help you with your main- 
tenance,' which we all know is a big part 
of every IT system's budget, probably up 
in the 80% range ... is a powerful solu- 
tion," Lanowitz said. 

Version 2.3 of the 
appliance also features a 
four disk-drive configu- 
ration that stores, repli- 
cates and analyzes up to 
10 billion lines of code at 
a time. Pricing for En- 
terprise 2.3 starts at 
$15,000 annually for an 
appliance with the ca- 
pacity to search 5GB (or 
50 million to 75 million 
lines) of code at one 
time, said Matt Graney, 
Krugles vice president 
of product management. 
The price rises for larg- 
er-capacity appliances. 

Krugle's estimate of 
the potential savings 
from more efficient 
code search is based on 
calculations by Capers Jones, a software 
consultant and author of the book, "Esti- 
mating Software Costs." The estimates 
calculate the average percentage of code 
under management in an enterprise in 
which there are expected to be "issues," 
said Badgett, such as needed upgrades, 
reconfigurations or bug fixes; the Jones 
analysis also factors in the maintenance 
labor expenses of the business. The larg- 
er the company and the more code it 
needs to maintain, the larger the poten- 
tial savings, Badgett concluded. 

Version 2.3 also can index code files 
and allow the user to enhance code file 
search queries with custom qualifiers, 
such as file identifiers and other meta- 
data, the company said. It's the equiva- 
lent of adding tags to a blog posting, not- 
ed Mike Gualtieri, a senior analyst with 
Forrester Research. 

"I think that's very smart," said 
Gualtieri. "I imagine [Krugle] could 
make it very easy, and as long as they can 
do that, it's a great feature." The hard 
part, he conceded, is that software de- 
velopment associations, such as the 
Eclipse Foundation or the Linux Foun- 
dation, would need to agree on a com- 
mon vocabulary of tag terminology. I 
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Shakeup at VMware shows its lead is shrinking 

Ex-CEO Greene was better at engineering than marketing, analyst says 



BY ROBERT MULLINS reasons, notes an industry ana- tion market has intensified, with her husband, Mendel 

Diane Greene's dismissal as lyst: Greene was an engineer slowing VMware's once-rapid Rosenblum, in 1998, run it as a 

president and CEO of VMware rather than a marketer, and growth. division of EMC since 2003, 

was understandable for two competition in the virtualiza- Greene had started VMware and then guided its partial spin- 
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off in an initial public offering 
in 2007. But she was fired July 
8. Paul Maritz, president of the 
cloud computing division of 
VMware's parent, EMC, re- 
placed her immediately. 

Greene's type of experience 
has unfolded at other tech com- 
panies, noted Laura DiDio, a 
senior analyst at the Yankee 
Group. Such companies are 
founded by engineers who have 
a brilliant idea for software or 
hardware. But when the com- 
pany reaches a certain size or 
level of maturity, she said, it 
needs more than strong prod- 
uct engineering to grow. 

"You can't argue with [her] 
success," DiDio said of 
Greene. She and Rosenblum, 
whose engineering degrees are 
from MIT and Stanford Uni- 
versity, respectively, took virtu- 
alization technology that IBM 
created on its mainframe com- 
puters decades earlier "and 
made it new again" for servers, 
desktops and other parts of the 
data center. 

But other companies have 
built virtualization products 
that match VMware on quality 
but undercut it on price, DiDio 
added. VMware needs to be- 
come more marketing-focused, 
she added. 

MARKETING VS. TECHNOLOGY 

"Great marketing combined 
with so-so technology will get 
you further [and] faster than 
great technology with so-so 
marketing," DiDio argued. 

Various developments in 
virtualization worked against 
VMware, she noted. Microsoft 
released its Hyper-V virtualiza- 
tion hypervisor to manufactur- 
ers on June 26. Given that 
continued on page 18 ► 
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< continued from page 16 

approximately 70% of servers 
in the world run some version 
of Windows Server, Microsoft 
has an "in" with many potential 
customers. 



In another case, Oracle's 
acquisition of BE A earlier this 
year eliminated a crucial oppor- 
tunity for VMware to pair its 
hypervisors with BE As middle- 
ware, DiDio noted. Oracle 



offered its own hypervisor at its 
Oracle Open World Confer- 
ence in November 2007. 

What's more, the 2007 ac- 
quisition by desktop application 
delivery company Citrix of 



open-source Xen server virtual- 
ization provider XenSource 
gave new life to a competitor of 
VMware. Yet another, Virtual 
Iron, is also undercutting 
VMware on the price of soft- 




ware and support for its open- 
source offering. 

Finally, VMware is facing 
competition from itself, DiDio 
explained. Like other vendors, 
VMware offers a free bare- 
bones hypervisor. Increasingly, 
VMware's customers are 
choosing the free version over 
its commercial ESX Server 3i 
product. 

In 2006, 90% of VMware 
customers were deploying the 
ESX server, and only 10% the 
free version. Two years later, 
only 50% are deploying ESX, 
and the rest are deploying the 
free version. DiDio attributes 
the shift to the growing adop- 
tion of virtualization by small 
to medium-sized businesses, 
whose priorities are focused 
more on cost and less on bells- 
and-whistles management. 

Depending on the configu- 
ration, a VMware deployment 
can reach into the tens of thou- 
sands of dollars for licenses and 
support costs. 

DiDio pointed to a Decem- 
ber 2007 interview in The Wall 
Street Journal with Greene as 
evidence of her lack of market- 
ing savvy. At the time, Greene 
said that the company's increas- 
ing competition wouldn't affect 
VMware's pricing — the oppo- 
site of what students are taught 
in Economics 101. 

Maritz has the marketing 
savvy to engage in some price 
competition with VMware's 
new competitors, DiDio not- 
ed. During his tenure at 
Microsoft, he took part in the 
launches of Windows 95 and 
98, events that prompted peo- 
ple to camp outside of stores to 
buy the operating systems 
when they went on sale. 

Maritz most recently led 
EMC's Cloud division, which 
was born of the company's 
acquisition earlier this year of 
Pi Corp. Maritz founded Pi in 
2003, three years after retiring 
from Microsoft, where he had 
spent 14 years. Pi focused on 
building cloud-based solutions 
for new ways of doing personal 
information management. 

"As one of the founders 
and the leader of VMware, 
Diane guided the creation 
and development of a com- 
pany that is changing the 
way that people think about 
computing," VMware chair- 
man Joe Tucci said in a pre- 
pared statement. I 
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BIRT 2.3 improves JavaScript debugger 



BY ROBERT MULLINS 

The open-source business intel- 
ligence tool BIRT 2.3, which 
was part of the Ganymede 
release train, has been updated 
with a JavaScript debugger, a 
SQL query builder and other 
features. 

Actuate, the commercial 
sponsor of Eclipse-based open- 
source BIRT platform, recently 
announced its support of BIRT 
2.3. This followed the June 25 
Ganymede release from the 
Eclipse Foundation, which had 
23 projects that added new fea- 
tures to the Eclipse platform. 

BIRT 2.3 now has a native 
JavaScript debugger and an 
improved JavaScript editor that 
adds code folding and script 
validation, according to Actu- 
ate, the Eclipse Foundation 
and the BIRT community. 

Also included in BIRT 2.3 is 
a prototype SQL Query Builder 
(SQB) based on the Data Tools 
Platform Database connectivity 

OFFICE OPEN XML 
FOR TEXT CONTROL 

BY DAVID WORTHINGTON 

With the acceptance of Office 
Open XML (OOXML) as an 
ISO International standard, a 
component maker has added 
support for what must be the 
most widely used implementa- 
tion of the format to its .NET 
word processing control. 

On July 8, The Imaging 
Source announced the North 
American release of an update 
to TX Text Control .NET 14 
that adds support for creating, 
editing and saving documents 
into the Microsoft Word 2007 
DOCX format. 

The control comes in two 
varieties: standard, which costs 
$US299 to upgrade, and profes- 
sional, $599 for an upgrade. 

The professional edition can 
convert DOCX into Microsoft's 
Word 97 and Word 2003 binary 
.DOC formats and Portable 
Document Format, said Ian 
Blackley, sales engineer for TX 
Text Control. 

The professional version is 
also differentiated by its support 
of document sections with vari- 
ous headers and footers, he said. 

DOCX is Microsoft's imple- 
mentation of Ecma Internation- 
al's OOXML, which was created 
by Microsoft and donated to 
Ecma. Ecma accepted OOXML 
as a standard late in 2006. I 



framework. The SQB provides a 
textual editor and a graphical 
builder for users to create a SQL 
query. As this is a prototype, the 
BIRT community is seeking 
feedback on users' experience. 
As many of the business 



intelligence reports created 
using BIRT include charts and 
graphs, version 2.3 adds related 
features, including scriptable 
crosstabs and crosstab support 
for displaying horizontal or ver- 
tical charts. 



Actuate 10 is the company's 
commercial product for sup- 
porting BIRT 2.3 developers. 

Multiple software develop- 
ment companies tied product 
announcements to the Gany- 
mede release, an annual Eclipse 



Foundation project to upgrade 
its open-source platform. 

Details about BIRT 2.3 can be 
found on the Eclipse Foundation 
site, at www.eclipse.org/birt 
/phoenix/project/notable2.3.php, 
and the BIRT Exchange (a por- 
tal for the BIRT community), 
at www.birt-exchange.com/wiki 
/FAQ:BIRT_2.3/. I 
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Gooale ditches XML for its new IDL 



< continued from page 1 

Java and Python. 

Varda noted that Protocol 
Buffers is an IDL that was 
designed for simplicity. IDLs 
are used to create a communi- 
cations bridge between pro- 
grams that are written in differ- 
ent languages or reside on 
different operating systems. 

The framework compiles the 
IDL code — an intermediary for- 
mat — into a binary format, 
which is used as a transmission 
protocol, explained Forrester 
senior analyst Jeffrey Hammond. 

"By sticking to a simple lists- 
and-records model that solves 
the majority of problems and 
resisting the desire to chase 
diminishing returns," Varda 
wrote, "we believe we have cre- 
ated something that is powerful 
without being bloated. And, yes, 
it is very fast — at least an order 
of magnitude faster than XML." 

Google's documentation 
claims that structured data can 
be represented in a third to a 
10th of the space required, and 
transmission times cut to a 20th 
or even a 100th of the time, 



Whereas with XMr 

you would have to do 

something like..., J 



compared to XML 

According to 
Varda, Google 
rejected XML 
because it is not 
efficient at the 
scale at which it operates 
and is an expensive proposition 
when servers and networks are 
running at full capacity. Also, 
writing code to work with the 
DOM tree could potentially be- 
come unwieldy. 

The documenta- 
tion states that Protocol ^^H 
Buffers were initially 
developed in 2001 to address an 
index server request/response 
protocol. Since then, it has 
become, symbolically, Google's 
lingua franca for data, with 
48,162 message types defined in 
the Google code tree across 
12,183 .proto files, according to 
the documentation. 

But industry watchers aren't 
walking away from XML. "Pro- 
tocol Buffers provides a more 
lightweight approach to serial- 
izing data than XML provides 
and also resolves some of the 
more niggling issues with 



^m 



\ 



cout « "Name: " 

« person. getElementsByTagName ("name") ->item(0) ->innerText () 

« endl; 
cout « "E-mail : " 

« person . getElementsByTagName ("email") ->item(0) ->innerText () 

« endl; 



cout « 
cout « 



'Name : ' 
'E-mail : 



« person . name ( ) « 
" « person. email () 



endl ; 
« endl; 



i 




...manipulating a 
protocol buffer requires 
fewer lines of code. * 



XML," acknowledged Jason 
Bloomberg, who is one of two 
managing partners at Zap- 
Think. "But, on the other hand, 
they are not as powerful as 
XML and are not as yet nearly 
as widely adopted." 

XML's text-based nature is 
bound to make it verbose and 
prone to overhead, remarked 
Forrester's Hammond. 

Bloomberg observed that 
Google's sheer size might 
encourage widespread adoption 
of Protocol Buffers, where ear- 
lier approaches may have lan- 



guished from lack of interest. 

The fact "that Google is 
championing Protocol Buffers 
may be sufficient to establish 
[it] as a viable alternative to 
XML," he said. 

In contrast, Hammond is 
reserving his judgment on 
would-be XML alternatives, in- 
cluding Protocol Buffers and 
Facebook's Thrift (developers 
.facebook.com/thrift) for now. 

Although he called them "rea- 
sonable optimizations" when an 
end-to-end connection exists, he 
doesn't believe they'll go main- 



stream anytime 

soon. "Unless their 
use is widely standard- 
ized, we're liable to see 
as many as a dozen dif- 
ferent alternatives pop 
up, [as] the various Web 
players look to compete 
on securing control 
over an optimized 
Web communi- 
cation API." 

Indeed, 
one competing 
^^^^^^F specification is 

already making 
inroads, said another analyst. 
JSON (JavaScript Object Nota- 
tion) is a strong example of a 
new format upsetting the XML 
status quo in software develop- 
ment, according to RedMonk 
analyst James Governor. 

JSON, which is optimized 
for server-to-browser commu- 
nication, has a mutually benefi- 
cial relationship with AJAX, he 
explained. "As AJAX has picked 
up, so has JSON. The result: far 
more performant and rich 
browser-based apps," he wrote 
in an e-mail. I 
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Microsoft to ship smaller-scale servers in the fall 



BY DAVID WORTHINGTON 

Microsoft plans a fall release for 
both an update to its Windows 
Small Business Server as well as 
a server targeting the midtier 
market. 

Microsoft said last month that 
Windows Small Business Server 
(SBS) 2008 and Windows Essen- 
tial Business Server 2008 would 
become generally available Nov. 
12. Release candidates (www 
.multiplyyourpower.com) of 
both are available for evaluation. 

SBS 2008 will come in two 
editions: "Standard," which 
sells for US$1,089 with addi- 
tional client access licenses 
(CAL) running $77 each; and 
"Premium," which will cost 
$1,899 with CALs available for 
an additional $189 per license. 

Both editions include 
Microsoft Forefront Security for 
Exchange Server, SharePoint 
Services 3.0 and Windows Serv- 
er Update Services 3.0, as well 
as trial subscriptions to Windows 
Live OneCare for Server and 
Office Live Small Business inte- 
gration. Forefront Security for 
Exchange Server is part of the 
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Exchange Server 2007 comes with Windows Small Business Server 2008. 



company's Forefront security 
lineup, developed by Microsoft 
under the "Stirling" name and 
based on Sybari Antigen, which 
Microsoft acquired with its pur- 
chase of Sybari in June 2005. 

The Premium edition will 
bundle the still-unreleased 
SQL Server 2008 Standard Edi- 
tion and a second instance of 
Windows Server 2008 Stan- 
dard, for hosting SQL Server. 

Customers may notice some 



higher sticker prices. Microsoft 
nearly doubled the cost of the 
SBS 2008 Standard edition by 
raising it by almost $500 from 
SBS 2003 s $599, but it has also 
lowered the price of SBS Stan- 
dard CALs from $90 (the exist- 
ing price) to $77. This isn't the 
first time Microsoft has 
tweaked the pricing for SBS; 
additional CALs were $60 
when SBS 2003 first shipped. 
Microsoft may have gotten 



the sense that the CALs for SBS 
were under-priced the first time 
around — no one has a compara- 
ble offering — said Rob Enderle, 
principal analyst of the Enderle 
Group. "We'll see if the market 
takes it; the rule of thumb is that 
you can take prices down, but 
never back up." 

Enderle added that market 
conditions create a strong argu- 
ment for customers to sign up 
for Microsoft's Software Assur- 
ance subscription program, 
which offers price protection. 
Most small business customers 
do not take part, he said. 

A Microsoft spokesperson 
said that SBS 2008 can provide 
cost savings in three ways: First, 
customers can buy single CALs; 
second, SBS CALs can now 
extend to other copies of 
Exchange Server, SQL Server 
or Windows Server; and, finally, 
the Premium edition can be 
used for Terminal Services ac- 
cess to applications. 

The company is trying to fill 
a gap in its offerings for the 
mid-market with a new product 
called Windows Essential Busi- 



ness Server 2008 (EBS), for- 
merly known as "Centre" Like 
SBS, EBS will be distributed 
with "Standard" and "Premium" 
offerings, with the Premium 
edition also having SQL Server 
2008 Standard Edition and a 
license for a second Windows 
Server 2008 Standard setup. 

Each edition of EBS includes 
Microsoft Forefront Security for 
Exchange Server, Forefront 
Threat Management Gateway 
Medium Business Edition (for- 
merly Microsoft Internet Securi- 
ty & Acceleration Server), and 
System Center Essentials. 

The Standard edition of 
EBS has a base price of $5,472, 
with additional CALs costing 
$81 each; the Premium edition 
costs $7,163 with additional 
CALs costing $195 each. 

There is a 75-user limit 
imposed on SBS 2008 and a 300- 
user limit for EBS. SBS cus- 
tomers that exceed that product's 
user limit may move up to EBS 
or, alternatively, use standalone 
servers that can be purchased 
through Microsoft's Solutions 
Pathway program at a discount. I 
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you print. With activePDF WebGrabbeC you can dynamically convert any URL, 
HTML stream, or HTML file to PDF on the fly, while maintaining embedded styles. 
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.INFRASTRUCTURE LOG 

_DAY 64: We're rushing our new business capabilities to the 
Web so fast that we might be taking unnecessary risks. 
Are we secure? Are we compliant? How prepared are we for the 
future? I wonder what's waiting for us o round the corner, 

_Maybe I just have on overactive imagination. 

_DAY 67; The answer: IBM Rational AppScan, It gives us the 

tools we need to build security and compliance into our 
applications from the start and throughout their entire 
lifecycle. Now we can find the vulnerabilities and security 
issues in our apps and Web sites and fix them before they 
become a problem. I've never felt safer. 

_Maybe now I can turn the night-light off in my office. 



Rational 



Download a free trial of IBM Rational AppScan at; 
IBM.COMAAKEBACKCONTROL/SECURE 
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Dundas Data Visualization 

By its nature, data visualization is a customer service-oriented technol- 
ogy. That's especially true for Dundas Data Visualization, named to the 
2008 SD Times 1 00 for its excellence in flexible software components. 
The company has been recognized for this distinction six years in a row. 
Dundas creates attractive data visualization components for 
Microsoft technologies, each designed to save developers time, mon- 
ey and effort. 

"We're totally service-oriented," says Troy Marchand, president of 
Dundas. "Our outstanding technical and customer support staff are 
the largest differentiating factors. We have a team that works specifi- 
cally on ensuring client issues get fixed quickly." 

Dundas' average turnaround time is four hours, from inquiry to 
final fix. To make sure customer service requests get an exceptional- 
ly fast response, the company purposefully overstaffs its technical 
support department. How often do you find that in these 
days of long telephone queues and automated respons- 
es? Not often, which is one reason Dundas is so 
popular with its customers and so respected in 
the industry. 

Before customer service even comes 

into play, however, the quality of the 

product that goes out the door is an 

important factor in customer satis- 





faction — and Dundas is on top of its game in QA. 

"We spend enormous amounts of time and mon- 
ey ensuring that our products are the best designed, 
developed and documented," Marchand adds. 

With components for .NET, SQL Reporting Services and Share- 
Point, Dundas provides advanced charts for working with standard 
numerical data, feature-rich gauges for analyzing performance indica- 
tors and comprehensive maps for geographical data. 

Soon, Dundas will offer its most popular add-ons as pre-built 
components. 

"We built a separate team to come up with common use cases, so 
instead of writing add-ons from scratch every time, developers can 
select products off the shelf, which also helps with reduced integra- 
tion time," Marchand says. 

The real winner? You. Dundas boosts its customers' bottom lines 
by providing technologies that are powerful and well designed, and 
that in turn reduces the integration workload for developers. 

"This shortened development effort translates into quicker time-to- 
market and greater agility," Marchand explains. "Our visualization tech- 
nologies have helped many companies sell more product, as we simply 
make their products look better." Learn more at www.dundas.com. (J| 
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J Boss, R Division of Red Hat 

JBoss Enterprise Application Platform integrates, certifies and supports 
innovative technology from a broad range of open-source projects to 
give customers a hardened platform for hosting business-critical appli- 
cations and services. 

It's "innovation without the pain," says Rich Sharpies, director of 
product management for the JBoss Enterprise Application Platform. The 
JBoss.org Application Server project, Apache Tomcat, Hibernate and 
Seam Frameworks are integrated into a single integrated, supported 
and stable enterprise-class distribution. Customers don't waste 
resources keeping all the pieces of their application infrastructure in 
sync, freeing them to focus on the applications and services that differ- 
entiate their business.This is just one of the reasons JBoss was named 
to the 2008 SD Times 100, the industry's annual listing of leaders and 
innovators. 

JBoss Enterprise Middleware is consistently ranked high 
in quality and value, because of the enterprise open- 
source model that couples thriving communities 
with enterprise-class support. As Sharpies 
explains, "A benefit of the open-source mod- 
el is that our customers are much more 
involved in the product life cycle — from 
inception through to release. Everything 
is transparent; there are no surprises. 
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They also benefit from 'selective innovation.' We're able 
to harvest the very best from the broader open- 
source ecosystem. We're not limited to technology 
that we create." 

In addition to production subscriptions, developer subscriptions 
offer expert advice spanning architecture, design, configuration, opti- 
mization and tuning recommendations.And JBoss Operations Network 
simplifies JBoss deployments for application operations teams by dis- 
covering, managing, administering, monitoring and updating JBoss Enter- 
prise Middleware in production. 

All JBoss Enterprise Middleware captures the latest innovations from 
the vibrant open-source development communities and puts the code 
through a rigorous hardening process to ensure it can sustain the most 
demanding workloads.The results are dependable platforms, backed by 
industry-leading support, that are ready to host, integrate, orchestrate 
and/or present mission-critical applications, services and data. "Our 
enterprise open-source subscription model means that our customers 
are in control," Sharpies says. "We earn our customers' business every 
year." Visit www.jboss.com/customers/index today to find out more. (^ 




■ li>£ 



a division of Red Hat 



www.sdtimes.com 



Software Development Times 



■ August 1, 2008 ■ 



NEWS 



27 



PreEmptive Solutions sets .NET app shelf life 



BY DAVID WORTHINGTON 

The creator of portfolio man- 
agement software is giving 
enterprises and ISVs the ability 
to encode end-of-life mile- 
stones into managed code just 
as bureaucrats and lawyers 
stamp expiration dates onto egg 
cartons. 

PreEmptive Solutions Appli- 
cation Shelf Life is a develop- 
ment tool that instruments 
applications with an explicit 
shelf life, as well as being an 
accompanying Web service that 
analyzes user behavior 

Shelf Life works with 
Microsoft Visual Studio 2008 
and PreEmptive's Dotfuscator 
Professional .NET code obfusca- 
tion tool to inject policy-driven 
logic directly into an already- 
compiled application or service. 

Dotfuscator Community 
Edition is bundled with Visual 
Studio; the Professional Edition 
is an upgraded version of the 
Community Edition. 

Policies establish the soft- 
ware's life cycle, defining 
default aging behaviors and 
reporting requirements, as well 



as setting warnings to appear 
ahead of expiration dates. In 
the event of tampering, custom 
policies can trigger an applica- 
tion security response, such as a 
forced re-installation. 

A reporting function sends 
notifications to IT administra- 
tors, ISVs and other stakehold- 
ers. "IT operations wants to 
know just as much as a software 
publisher wants to know," said 
Sebastian Hoist, senior vice 
president of sales and market- 
ing for PreEmptive 

Applications are instrument- 
ed one by one, but PreEmptive 
takes a portfolio-based approach. 
A crawler service produces a 
manifest of existing .NET appli- 
cations across the enterprise in 
order to begin the process of 
integrating Dotfuscator and Life 
Cycles into their development 
life cycle. 

FOCUS ON PORTFOLIOS 

"For the first time, publishers 
may manage old releases as a 
portfolio, just as enterprises 
manage internally developed 
software," said Hoist. However, 



it is not limited to those scenar- 
ios; he noted that it could like- 
wise be used to manage beta 
software and evaluation releases. 
A service component col- 
lects runtime intelligence such 
as feature-level tracking and 
analysis of user behavior, Hoist 
said. The analytical data can be 



fed into BPM, business intelli- 
gence and CRM systems. 

Beyond the obvious market- 
ing applications, an IT adminis- 
trator can use the analytics to 
determine whether an applica- 
tion is being used or if the 
wrong version is in service, 
Hoist explained. 



Enterprises are not always 
sure what they have or if anyone 
uses it, he said, noting that it is 
not an excuse for ad hoc man- 
agement. Deleting an applica- 
tion that is used infrequently, 
such as one employed by a 
financial auditor, can be costly, 
he said. I 



MICRO FOCUS, MICROSOFT TO MODERNIZE COBOL 



BY DAVID WORTHINGTON 

Application management spe- 
cialist Micro Focus has forged a 
strategic relationship with 
Microsoft to deepen the inte- 
gration of the former's COBOL 
tools with the latter s platform 
technologies. 

Micro Focus said it would 
work with Microsoft to develop 
functionality for Enterprise 
Server, Net Express and SOA 
Express products to bring Micro 
Focus' trio of products closer to 
the full Microsoft stack. 

Customers will be able to 
create managed 64-bit code 
with hooks for Microsoft tech- 
nologies, including the BizTalk 
Server, .NET Framework, the 



Server and System Center 
Operations Manager (SCOM), 
SQL Server and Team Founda- 
tion Server, Micro Focus said. 

As a result, BizTalk will be 
able to connect to enterprise 
COBOL applications and 
SCOM will manage those appli- 
cations, while SQL Server will 
be used as Micro Focus' prima- 
ry data platform for enterprise 
applications, said company 
CTO Stuart McGill. 

"The purpose of this rela- 
tionship [with Microsoft] is for 
our customers to be able to take 
COBOL applications that are 
running their business and have 
them play a full part in the Win- 
dows environment and .NET," 



he said. While Micro Focus' 
current products do not specify 
that customers should have the 
full Microsoft stack in place, 
future versions will, he noted. 

Ultimately, COBOL applica- 
tions would be more reliable, 
perform better and be easier to 
manage on Windows, McGill 
added. 

"Modern [programming] 
architecture now means that it 
is far more important that appli- 
cations fit into a prescribed 
architecture than what language 
they are written in," he said, 
adding that COBOL application 
"components can be deployed 
across the enterprise in a host of 
different ways." I 



eCMfof FREE 1 



Get speed 
and control 

Your team is agile and fast - 
thanks to your software 
configuration management 



Easy To Install 





> 



PureCM 

purecm.com 



&»*,*■ «„..■!■. ii., I. p.-h, r+Fipn-..™ 



Cj sotans 40 






28 



NEWS 



Software Development Times . August 1 r 2008 . 



www.sdtimes.com 



'Nothing to worry about/ Oracle 



BY ROBERT MULLINS 

Oracle said that customers of 
recently acquired BEA Systems 
would not be forced to switch 
to Oracle software, but selected 
BEA products — and some Ora- 
cle ones as well — eventually 
will be phased out. 

In an hourlong Webcast 
recently two Oracle executives 
detailed the company's product 
road map in the wake of its 
US$8.5 billion purchase of 
BEA in January. Although 
BE As Web Logic application 
server emerges as the flagship 
product over Oracle s Applica- 
tion Server, Oracles JDevelop- 
er will become the dominant 
IDE. Meanwhile, a suite of 
BEA developer tools will be 
condensed into a package that 
will be given away free. 

Although Oracle's president, 
Charles Phillips, noted that 
most of the consultants, engi- 
neers and salespeople at BEA 
have moved over to Oracle, he 
said nothing about the un- 
known number of marketing 
people who reportedly have not 
made the move. 

However, no BEA customers 
would be cut off from support 
for the products they now use, 
Phillips said. 

"There is nothing to worry 
about; there will be no forced 
migration at all," he insisted. 

RELABELING AND CONVERGING 

BEA products that Oracle 
deems strategic to the Fusion 
Middleware line, and which can 
be adopted without any design 
changes, will be relabeled as 
Oracle. Those that overlap with 
Oracle products will "converge" 
with their counterparts during 
the next six to 18 months, 
added Thomas Kurian, Oracle s 
senior vice president of middle- 
ware platform development. 

Other BEA products may 
need some work to incorpo- 
rate Fusion technology, but 
customers will still have the 
option of choosing the original 
BEA products, he added. All 
of the update schedules previ- 
ously set for BEA products 
will stand, and any products 
that were already set for 
phaseout by BEA will be sup- 
ported by Oracle for at least 
five years. 

Getting answers about sup- 
port for the Web Logic applica- 
tion server was probably the 
biggest load off the minds of 



BEA customers, said Maureen 
Fleming, program director of 
business process automation 
and deployment at research 
company IDC. 

"It kept BEA customers 



thinking, 'Oh good, my Web- 
Logic investment is not going to 
blow up on me,' " Fleming said. 
But BEA customers will have 
to "think through" other sections 
of the road map, she added. 



Oracle is selecting its JDe- 
veloper IDE for building appli- 
cations, the company stated, 
over the Eclipse-based Web- 
Logic IDE. In addition, BE As 
AquaLogic portal will be ab- 



sorbed into Oracle's WebCen- 
ter Suite for developing Enter- 
prise 2.0-enabled portals and 
Web applications. 

The "AquaLogic portal will 
continue, but it won't be part of 
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assures BEA users 



the Fusion Middleware stack, 
so that will be a little bit dis- 
combobulating," Fleming said. 
The BEA Workshop tools 
will still be available, though 
they will be condensed into a 



set of tools to be called the 
Oracle Enterprise Pack for 
Eclipse, said Duncan Mills, 
senior director of tools prod- 
uct management for Oracle 
Fusion Middleware. 



BEA has offered various 
versions of Workshop tools pri- 
marily focused on Java coding, 
such as JavaServer Pages, 
JavaServer Faces, Struts and 
other specialties, Mills added. 



On the other hand, JDeveloper 
has been focused on more high- 
level programming, including 
SOA orchestration, framework 
tooling and TopLink (its imple- 
mentation of the Java Persis- 
tence API), which Oracle do- 
nated to the Eclipse open- 
source community this year as 
EclipseLink. 




BEA Workshop offerings, 
which together made up a 
$900 suite, will be added into 
Oracle Enterprise Pack for 
Eclipse and given away for 
free, Mills noted. "IDEs are 
enablers of the platform, not 
something you make money 
off of. They're something that 
helps the platform be more 
effective." 

Oracle believes that combin- 
ing the BEA Workshop tools 
into Oracle Enterprise Pack 
while simultaneously support- 
ing the Oracle JDeveloper IDE 
will serve the interest of BEA 
developers, who are mostly 
coders, as well as Oracle devel- 
opers who work at more high- 
level tasks, Mills pointed out. 

THE 'ECLIPSE BABY' 

"We are not going to throw the 
Eclipse baby out with the bath 
water," he assured customers 
of BEA. 

Phillips also sought to assure 
BEA customers that most of 
the BEA employees with whom 
they worked are now at Oracle. 
"Your sales reps should be the 
same and . . . the vast majority of 
support engineers have stayed 
on board as well," he said on 
the Webcast. Most R&D engi- 
neers also have made the move 
to Oracle. 

But Phillips didn't mention 
the BEA marketing staff. "Of 
course not," noted IDC's 
Fleming. "There was almost a 
bloodletting in the marketing 
organization." 

Like SD Times, Fleming has 
been unable to get Oracle to 
reveal exactly how many mar- 
keting people at BEA or Oracle 
were let go in the wake of the 
merger. 

But Fleming had an inkling 
that marketing staff would be 
cut when she got a preview of 
which products would stay or 
go after the acquisition. 

"You could see in April that 
there was going to be a lot of 
product rationalization . . . and a 
lot of the duplicate roles were 
in the marketing organization." 

Some BEA people were 
hired away by Oracle's com- 
petitors, while others could 
have been assigned to other 
marketing units in the newly 
merged company, she added. 
But an Oracle spokeswoman 
declined to comment on work- 
force reductions. 

Oracle officials will embark 
on a 70-city tour this summer to 
further explain the company's 
product strategy to customers 
of BEA. I 
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Sun's integration of MySQL gets off to smooth start, 



< continued from page 1 

sorely needed. MySQL 5.0, 
introduced in 2005, was 
plagued by bugs, and the com- 
pany was slow to fix many of 
them, Mickos said. Post-acqui- 
sition, 65 Sun engineers joined 



about 150 MySQL engineers 
in putting what should have 
been the finishing touches on 
MySQL 5.1. But new bugs 
found in June forced a post- 
ponement of the release, 
which had been scheduled for 



the end of that month. A pro- 
duction release was expected 
to ship before Aug. 1, said 
Zack Urlocker, a MySQL 
transplant and now vice presi- 
dent for MySQL products at 
Sun. 



It's not just a matter of 
throwing bodies at the prob- 
lem, either. According to 
Urlocker, the testing of MySQL 
5.1 was using five to 10 times as 
many internally owned servers 
than MySQL had available for 



"In some projects we have five simultaneous 
database environments to keep in synch. 
I downloaded the SQL tools from Red Gate and the 
next 14 days were the best SQL days in my life." 

G. Haraldsson Kaupthing Bank 



"SQL Compare and SQL 
Data Compare synched 
30,000 product lines and 
the 12 associated tables 
in less than 20 minutes 
- a task that takes 
the best part of 
a day manually!!! 
Go try it and buy it 
NOW." 

Paul Cooke Boretec IT Ltd 






"SQL Compare and SQL Data 
Compare are the best purchases 
we've made in the .NET/SQL 
environment.. .We rely on these 
products for every deployment." 

Paul Tebbutt Technical Lead, Universal Music Group 



"I am literally staggered at 
how much more efficient 
it is to perform simple 
data transportation with 
SQL Data Compare. In 
some cases, it's up to 10 
times faster with SQL Data 
Compare than it would be 
with DTS." 

Nick Stansbury SAGE Partners Ltd 



"Red Gate's SQL Data Generator has 
overnight become the principal tool we use 
for loading test data to run our performance 
and load tests." 

Grant Fritchey Principal DBA, FM Global 



"SQL Prompt is a must-have 
tool for all T-SQL developers." 

Brian Brewder Brian Online 



"There are times that I love this 
business - this would be one 
of them. Because without SQL 
Compare, and given 700 rows 
in sysobjects plus 13,000 rows 
in syscolumns in the production 
db, it would've taken me hours 
to find... Now, what to do with 
the rest of my day :-)" 

Mark McGinty Database Analyst/Consultant 



"I used SQL Compare with a previous employer 
and loved it so much I brought the experience 
here. This time, we bought the whole package. 
Love it!" 

Jim Franklin Lead Solutions Developer, J2 Aircraft Dynamics 



The Sound of Productive 
Developers and DBAs 

The Red Gate SQL Toolbelt makes developers and DBAs talk. 
Our tools make you very fast and very accurate and this is clearly 
news that's worth passing on. Download a free trial of the most 
talked about tools for SQL Server. You'll save your company so 
much time you might find you want to share the news. 
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testing when it was a standalone 
company. 

"If you look back to when we 
shipped 5.0, there was no QA 
staff," he quipped. "We couldn't 
even spell QA." 

Sun's ownership also gives 
MySQL credibility with large 
business customers that it had 
lacked, noted Matt Aslett, an 
enterprise software analyst for 
The 451 Group. Because 
MySQL focused on meeting 
the database requirements for 
Web-based applications, most 
of its customer wins were Inter- 
net-based companies, while 
offering a free, open-source 
version made it a favorite of 
startups, Aslett said. 

Prior to the acquisition, 
MySQL embarked on a two- 
year product road map to add 
features important to large 
companies and institutions, 
such as disk-based clustering, 
online backup and data audit- 
ing, Aslett added. With MySQL 
operating as part of Sun, those 
features have become increas- 
ingly important. 

However, because MySQL 
specialized in Web-based 
applications and lacked a sig- 
nificant support operation, it 
still hadn't made much head- 
way in the traditional enter- 
prise market, added Stephen 
O'Grady, an analyst at the 
research firm RedMonk. 

NOT A HIGH-END HIT 

"MySQL is a phenomenally 
popular relational database 
[Web-based applications]. But 
if we're talking about high-end 
mission-critical installations, it's 
nowhere near as popular," 
O'Grady noted. 

Urlocker is already seeing 
the benefits of Sun's ability to 
open once-barred doors. He 
recently met with potential new 
customers in Chicago, Cleve- 
land and Milwaukee and noted, 
"As MySQL, we could not get 
those kinds of meetings." 

As for MySQL's employees, 
they have been left largely 
untouched by Sun and still have 
their MySQL.com e-mail 
addresses. The exception is 
MySQL's sales and service 
staffs, which now report to Sun 
supervisors. MySQL's U.S. 
offices remain in Cupertino, 
Calif., and Sun's main offices 
are in nearby Santa Clara and 
Menlo Park, Calif. 

Although Sun hopes to sell 
its Solaris operating system to 
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but open-source thrust still taking shape 



MySQL customers, Sun knows 
that the most popular OS on 
which MySQL runs is Linux, 
followed by Windows, and then 
Solaris, Mickos said. 

"I want all the success for 
Solaris, but MySQL has a mis- 
sion to build a database busi- 
ness ... that means continued 
support for Linux and Win- 
dows," Mickos declared. 

Although Sun said it is not 
going to pressure Linux or Win- 
dows users to switch to Solaris, 
there are other ways to 
approach the market hand-in- 
hand with MySQL, said Rich 
Green, Sun's executive vice 
president of software. 

MySQL has considerable 
presence in Internet-based 
companies, Green noted, and 
even if the user runs it on Lin- 
ux, Sun sells x86 servers run- 
ning Linux, providing synergy 
on that front. 

In addition, though many of 
the Global 500 companies may 
run legacy IBM or Oracle data- 
base software, they are also 
deploying MySQL on a depart- 
mental basis and tend to run 
that on OpenSolaris, Sun's 
open-source version of the 
operating system. 

Finally, Sun is seeing some 
uptick in the use of OpenSolaris 
at Web 2.0 companies, which 
Green said could create some 
sales synergy with Solaris and 
MySQL. 

"But that's something the 
market will decide, not any 
alteration or bias that we'll pro- 
ject into the market," Green 
commented. 

Sun can also spur MySQL's 
adoption by improving the 
product, said The 451 Group's 
Aslett. During the next two 
years, he noted, MySQL plans 
to add features such as data 
auditing, disk-based clustering, 
online backup and transparent 
data encryption in future re- 
leases. Sun can help to acceler- 
ate those developments, he 
added. 

'MOST IMPORTANT' PURCHASE 

The MySQL acquisition was 
described as "the most impor- 
tant acquisition in Sun's history" 
by Sun CEO Jonathan 
Schwartz, because it advances 
Sun's strategy as an open- 
source company. If open-source 
software can stimulate the com- 
puter industry, more sales 
opportunities would be created 
for Sun servers, services and 



storage, Schwartz and other 
executives have noted. 

But Sun's falling stock price 
shows that the open-source 
strategy isn't yet paying off for 
shareholders. In mid- July, 
when this article went to press, 



Sun's stock was trading at under 
$9 a share, from a high of more 
than $26 during the first quar- 
ter of 2007. 

As Aslett noted, "Sun's strat- 
egy relies as much on the 
patience of its investors as it 



does on customer adoption of 
open-source software." 

On July 9, Sun announced 
plans to cut 1,000 jobs in Sep- 
tember in the U.S. and Canada. 

Still, Sun considers the 
MySQL buy a success. MySQL 



can benefit from Sun's services 
operation, Green said, while 
Sun can learn from MySQL's 13 
years of experience building a 
business based on open source. 
Green's own proof of the 
integration's success: He mem- 
orized the lyrics to "Helan gar" 
months ago, on the flight to 
Orlando. I 
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You know you need a digital dashboard, now what? 

LookTo Dundas Consulting For Unmatched Expertise In Building Custom Dashboard Solutions 

Let Dundas Consulting work with you or your development team to create a complete digital dashboard application, custom tailored 
to your needs. We are experts in the data visualization field and can build executive dashboards for any vertical. Dundas Consulting is 
focused on getting you the results you seek while saving you time, frustration and money. 

Dundas makes award-winning data visualization software used by Fortune 500 companies around the world. Let us employ our 
industry-leading ASP.NET, Reporting Services and SharePoint components into your digital dashboard - we'll help you tell the right 
story with your data. 

Visit www.dundasconsulting.com to see our full "dashboard portfolio" gallery and online interactive demos. Remember, every 
company is different. Choose a custom solution and view your KPIs in a manner that best suits your business. Dundas Consulting can 
work with your team to show you how! 
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RAZY TO WA 
TO NETWORK WITH O 
TESTERS AND DEVELOPER 

WE DON'T THINK SO* which is why we've planned these 
great opportunities for you to talk with your colleagues, class- 
mates and instructors: 

LIGHTNING TALKS - Each speaker has only 5 minutes 

to WOW you with an ideal 

Wednesday, September 24 / 5:00 pm - 6:00 pm 

HANDS-ON TOOL SHOWCASE - Demos and drinks! 
Wednesday, September 24 / 6:00 pm - 8:00 pm 

ATTENDEE RECEPTION 

Thursday. September 25 / 5:00 pm - 7:00 pm 



WEmatt d?r c!Z» 



HEAR WHAT ATTENDEES HAVE TO SAY ABOUT STPCONI CHECK OUT A VIDEO FROM 
THE LAST EVENT AT WWW.STPCON.COM 
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WS02 Mashup Server 1.5 employs OpenID to authenticate its users. 



WS02 adds OpenID 
to Identity Solution 



BY DAVID WORTHINGTON 

In the absence of a universal authentica- 
tion scheme to verify digital identity, an 
open-source Web application frame- 
work provider is combining complemen- 
tary technologies to fill the void, and is 
applying that same solution to secure its 
new mashup server for Web services. 

WS02 introduced version 1.5 of WS02 
Identity Solution on July 11, then followed 
up with WS02 Mashup Server 1.5 on July 
21. The mashup server is WS02s platform 
for creating, deploying and consuming 
composite Web services, while Identity 
Solution authenticates user access. 

Identity Solution 1.5 adds OpenID 
support to its existing capabilities 
around information cards, including 
Microsoft CardSpace technologies. 
Open ID is an open-source decentral- 
ized protocol for single sign-on and 
portable identity that is overseen by the 
OpenID Foundation. 

The framework relies on a set of 
components that plugs into Apache 
HTTPD and Java Web servers, imple- 
menting CardSpace and OpenID 
authentication by relaying requests to an 
authentication server. 

Identity Solution makes use of Security 
Assertion Markup Language 2.0 for identi- 
ty management. SAML, as the language is 
known, is an XML-based standard for 
exchanging authentication and authoriza- 
tion data between security domains. 

Identity Solution now allows the use of 
both the 1.1 and 2.0 OpenID standards, 
and its support is based on a library from 
Google Code, called OpenID4Java. It also 
implements other extensions to the 
OpenID model, including Attribute 
Exchange (tinyurl.com/ywh2bm), Pro- 
vider Authentication Policy Extension 
(tinyurl.com/6gf2cv) and Simple Regis- 



tration (tinyurl.com/o2hbp). 

The open-source components form a 
comprehensive back end, said Ruchith 
Fernando, WS02 technical lead and Iden- 
tity Solution s product manager. Web sites 
that use InfoCard invoke a card selector 
on the local machine during login; this is 
built into newer versions of Internet 
Explorer and is available as a plug-in for 
older IE releases and for Firefox, said 
WS02 CEO Sanjiva Weerawarana. 

IN THE CLOUD' 

InfoCards can be stored locally or "in 
the cloud," explained OpenID commu- 
nity board member Drummond Reed, 
CTO of Cordance; the user's card selec- 
tor requests a digitally signed token from 
a secure third-party service, which is 
returned to the browser and used to 
complete the login. 

Identity Solution includes a Web- 
based management console, called 
Identity Provider. Alternatively, it 
works with LDAP and Microsoft Active 
Directory. 

Mashup Server incorporates identity 
solution to authentication users. For 
more finite access control, it also has 
new WS-Security-based configuration 
extensions set permissions for service 
access. 

Also new, Mashup Server has an 
interface for managing mashup services, 
in addition to integrated data services, 
Google Gadget support, and various API 
and configuration extensions. 

Both Identity Solution and Mashup 
Server are open source and free of cost. 
WS02 offers a range of service and sup- 
port options for its products, including 
consulting, support and training, and it 
also sponsors feature development by 
interested members of the community. I 



Production-Proven 
Distributed Caching 



Every day hundreds of millions of 
data caching operations are handled 
by ScaleOut StateServer - routinely 
seamlessly, and blazingly fast. 






Linear scalability and high-availability 
are why ScaleOut StateServer has 
been selected for thousands of 
production servers today, running 
under the most stressful loads. 

Whether you have a 2 server Web 
farm or an enterprise compute 
grid, let ScaleOut StateServer 
help you reach peak performance. 



ScaleOut 
StateServer 

Distributed Caching 
for .NET & Linux 
Farms & Grids 
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® ScaleOut Software 

www.scaleoutsoftware.com I tel. (503) 643-3422 
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Windows 7 might take a page from .NET 



< continued from page 1 

implement a new UI frame- 
work for Windows. 

The posting (tinyurl 
.com/6ns2xn) noted in part that 
the framework would "elim- 



inate much of the drudgery 
of Win32 UI development and 
enable rich, graphical, animat- 
ed user interface [sic] by us- 
ing markup-based UI and a 
small, high-performance, na- 



tive code runtime." 

The listing (tinyurl.com 
/5kwh7y) has since been modi- 
fied to the point of ambiguity. 

The technical disclosure 
detailed in the job posting 



reveals that Windows 7 may 
have features remarkably simi- 
lar to .NET Windows Presenta- 
tion Foundation (WPF), the 
graphical subsystem in .NET 
Framework, and Microsoft Sil- 



Your best source for 
software development tools! 



Paradise # 
L05 01101A02 

$ 800." 



5-User Pack 
Paradise # 
T34 0208 

$ 1,4 14." 



.NET Edition 
Paradise # 
D77 01201A01 

$ 476." 



Paradise # 
SC5 03101A01 

$ 3,294." 



800-445-7899 
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LEADTOOLS 
Raster Imaging Pro 

by LEAD Technologies 

Load, save and convert 1 50+ image formats 
including TIFF, EXIF and PDF, supporting many 
compressions. Acquire images from TWAIN or 
32/64bit WIA devices. Apply transforms, color 
space conversions and 200+ region aware 
image processing routines. Also includes high 
level display controls, thumbnail browser, pan 
window and imaging common dialogs. 
•.NET, API, C++ Class Libraries & WPF 
•AJAX and ASP.Net Web Form Controls 
•COMInteropwrapperfor.NET 

• Royalty Free 

programmers.com/lead 

DevTrack Small Team Edition 

Powerful Defect and Project Tracking 
by Tech Ex eel 

TechExcel DevTrack is the most powerful, i 

affordable and easy-to-use defect and project 
tracking tool for development organizations. 
You'll dramatically transform your development i 
processes, save significant time and resources, ! 
and deliver quality products on-time and 
on-budget. 

• Sophisticated workflow engine 

• Point-and-click administration 

• Fully configurable user interface 

programmers.com/techexcel j 

NEW: IP*Works! Version 8 \ 

by /n software 

The latest evolution of the most comprehensive i 
suite of Internet communications components 
for professional developers is here! 

A leap forward in design, performance, and 
new functionality with support for every major j 
Internet protocol including - FTP, HTTP, SMTP, 
POP, IMAP, LDAP, DNS, RSS, SMS, Jabber, 
SOAP, WebDav, REST, ATOM, RAS, XML, and 
many more! 

Call for pricing on the Java Edition 



programmers.com/nsoftware 

StorageCraft ShadowProtect 
IT Edition v3.x 

by StorageCraft 

Create, edit or restore backup images on as ! 

many servers, desktops and laptops as needed. ! 

Create online or cold state backups in minutes, ! 

no software installation required. StorageCraft™ j 

ShadowProtect IT Edition provides complete j 

bare metal recovery in minutes. ShadowProtect j 

IT Edition provides IT Professionals with a j 

bootable Windows environment to create and • 
restore compressed and encrypted backups, 
no software installation required. 



programmers.com/storagecraft 



j dtSearch Engine for Win & .NET 

| Add dtSearch's "blazing speeds" 

| (CRN Test Center) searching and 

| file format support 

j • dozens of full-text and fielded 
i data search options 

i • file parsers/converters for hit-highlighted 
| display of all popular file types 

i • Spider supports dynamic and static web data; 
highlights hits with links, images, etc. intact 

: • API supports .NET, C++, Java, SQL and more; 
! new .NET Spider API 



Single Server 
Paradise # 
D29 02101A07 

$ 873." 



"Bottom line: dtSearch manages a terabyte of 
text in a single index and returns results in 
less than a second. " — InfoWorlc 

programmers.com/dtsearch 

c-tree Plus® 

by FairCom 

With unparalleled performance and sophistication, 
c-tree Plus gives developers absolute control over 
their data management needs. Commercial 
developers use c-tree Plus for a wide 
variety of embedded, vertical market, 
and enterprise-wide database applications. 
Use any one or a combination of our flexible 
APIs including low-level and ISAM C APIs, simplified 
C and C++ database APIs, SQL, ODBC, or JDBC. 
c-tree Plus can be used to develop single-user and 
multi-user non-server applications or client-side 
application for FairCom's robust database server 
— the c-treeSQL™ Server. Windows to Mac to 
Unix all in one package. 



VMware Management 
& Automation Bundle 

VMware Virtual Datacenter 
Automation is the first automation 
solution for the virtualized 
datacenter. It leverages the power 
of VMware Infrastructure to automate 
the previously manual and error-prone 
processes of IT Service Delivery and 
Business Continuity. IT Service Delivery 
represents the entire lifecycle for managing 
application infrastructure — from request, to 
deployment and eventual decommissioning. 
Business Continuity is ensuring fast, reliable 
and manageable recovery from disasters. 
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Paradise # 
F010131 
99 



711/ 

programmers.com/faircom 



Altova® MapForce® 2008 

Visual Data Conversion, ^^^ 

Transformation, and ^^ 

Integration Tool 
by Altova 

MapForce: The premier data mapping, 
conversion, and integration tool from 
the creators of XMLSpy®. Through 
its visual interface, users can map 
seamlessly between any combination 
of XML, database, flat file, EDI, and/or 
Web service, then convert data instantly 
or auto-generate an application for 
recurrent transformations. Languages for 
code generation include: XSLT 1 .0/2.0, 
XQuery, Java, C++, and C#. 



ALTOV A 9 
mapforce 8 



Enterprise Edition 

1 user 

Paradise # 

IOD03101A02 

$ 1,282." 

programmers.com/altova 



Telerik RadControls 

by Telerik 

Add grid, combo, editing, navigation and charting 
functionality to your AJAX and ASP.NET projects. 
RadControls for ASP.NET enhances your Web 
applications by adding AJAX functionality to your 
ASP.NET projects. The suite takes full advantage 
of the features included in Visual Studio 2005. 
RadControls for ASP.NET helps developers deliver 
feature-rich, standards-compliant (WAI-A, WCAG 
1.0, XHTML 1.1) and cross-browser compatible 
Web applications, while significantly cutting 
their development time. RadControls for ASP.NET 
includes: RadEditor, RadTabstrip, Radlnput, 
RadCalendar, RadUpload, RadWindow, RadAjax, 
RadGrid, RadCombobox, RadMenu, RadSpell, 



y 






Single Developer 

Paradise # 

TB3 01 101A01 

$ 726." 



RadChart, RadTreeview and more. 




Paradise # 
! V55 61 201C01 

$ 3,414." 

programmers.com/vmware 



TX Text Control 14 

Word Processing Components 

TX Text Control is royalty-free, 
robust and powerful word processing 
software in reusable component form. 

•. NET WinForms control for VB.NET and C# 

• ActiveX for VB6, Delphi, VBScript/HTML, ASP 

• File formats DOCX, DOC, RTF, HTML, XML, TXT 

• PDF export without additional 3rd party 
tools or printer drivers 

• Nested tables, headers & footers, text 
frames, bullets, numbered lists, multiple 
undo/redo, sections, merge fields 

• Ready-to-use toolbars and dialog boxes 




Professional Edition 
Paradise # I 
T79 02101A01 

$ 811." 



programmers.com/theimagingsource 



Enterprise Architect 7.1 

Visualize, Document and 
Control Your Software Project 
by Sparx Systems 

Enterprise Architect is a comprehensive, 
integrated UML 2.1 modeling suite 
providing key benefits at each stage of 
system development. Enterprise Architect 
7.1 supports UML, SysML, BPMN and 
other open standards to analyze, design, 
test and construct reliable, well under- 
stood systems. Additional plug-ins are 
also available for Zachman Framework, 
MODAF, DoDAF and TOGAF, and to 
integrate with Eclipse and Visual Studio 
2005/2008. 



Afc'»M 



Corporate Edition 

1 -4 Users 

Paradise # 

SP6 0001 

$ 196." 

programmers.com/sparxsystems 



Multi-Edit 2008 

by Multi Edit Software 

Multi-Edit 2008 delivers, a powerful IDE, 
with its speed, depth, and support for 
over 50 languages. Enhanced search 
functions include Perl 5 Regular 
Expressions and definable filters. 
Supports large DOS/Windows, UNIX, 
binary and Mac files. File Sync 
Integration for: Delphi 6, 7, 2005, 
C++Builder 6, BDS 2006 and RadStudio 
2007,VB6,VC6,VS2003&VS 
2005. Includes file compare, code 
beautifying, command maps, and 
much more. 



programmers.com/telerik 



1-49 User 
Paradise # 
A30 01201A02 

$ 161." 

programmers.com/multiedit 
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verlight, a subset of WPF, use 
XAML, which is an XML- 
based markup language that 
defines UI elements. 

A spokesperson said that 
Microsoft was not providing 
more details on features of Win- 
dows 7. However, a well-placed 
source told SD Times that Win- 
dows 7 would be a principal top- 
ic at PDC and that a test build 
could be released there. 

Other revelations will be 
new Windows Live services, 
improvements to Virtual Earth 
and Windows Mobile 7. 

What's more, the company 
will tip details on its Oslo initia- 
tive, Steven Martin, director of 
product management for 
Microsoft's Connected Systems 
Division, said in a June interview. 

On the topic of Windows 7, 
"It wouldn't surprise me to see 
Win32 being slowly extended 
in parallel with .NET," said Jef- 
frey Hammond, a senior ana- 
lyst with Forrester Research, in 
an e-mail. 

STILL COMPELLING 

Hammond went on to point 
out that "there are still a lot of 
Win32 apps that make Win- 
dows a compelling platform 
(games, browsers, media play- 
ers). If these were to get 
pinched off from the most 
recent advances in core com- 
ponents of the platform, it 
starts to make the platform less 
compelling over time." 

Hammond added that the 
integration of certain aspects 
of the .NET feature set into 
Windows would not trigger 
a shift back to C + + and "all the 
headaches pointers create," 
because the transition to .NET 
is well under way in the en- 
terprise. 

Rather, he noted that it 
would be more meaningful for 
ISVs, game developers and 
those who are "hard core" pro- 
fessional developers. 

In contrast, Directions on 
Microsoft analyst Michael 
Cherry erred on the side of cau- 
tion, saying he is always nervous 
about reading too much into 
conference agendas. 

One analyst sees Microsoft 
as keeping its options open. "I 
think Microsoft gets a lot of 
requests for subsets of func- 
tionality and standalone ver- 
sions. It could be hit or miss," 
said Laura DiDio, a research 
fellow with the Yankee Group. 
"It's tough to say without hav- 
ing all of the facts, and they 
have a fallback position" in 
canceling the sessions. I 
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McCabe scoops up Agitar's technology 



< continued from page 1 

intellectual property. Sherwood 
sent a notice of assignment to 
creditors — an alternative to 
bankruptcy — on Agitar's behalf. 

Agitar had produced a Java 
unit-testing suite called Agi- 
tarOne — built on its AgitarOne 
Agitator testing technology — 
that automatically generates test 
cases and analyzes the results. 

In a May interview with SD 
Times, Jerry Rudisin, CEO of 
Agitar Software until April, rea- 
soned that Java unit testing was 
the wrong horse to back 
(tinyurl.com/6ydthg). "The prac- 
tice works, but it hasn't taken off 
as a mainstream practice," he said. 

"I'm not surprised that 
someone bought the technolo- 



< continued from page 3 

able, events that demonstrate 
that deployers as well develop- 
ers remain susceptible to Mur- 
phy's Law. 

It's not good to have some 
customers unable to activate 
their new iPhones three days 
after receipt, as some reports 
said. Still, Apple's halo will be 
polished before long — thanks 
partly to the fanboy bloggers and 
"journalists." And the problem 
won't be activation, but supply. 

That assumes people are will- 
ing to overlook the software 
offerings for iPhone, which 
appear to be same old, same old. 

I looked at the App Store on 
July 15, and I wasn't impressed. 
The bulk of the content consist- 
ed of games. The "business" sec- 
tion was nothing special: some 
simple tools of the mortgage 
payment/tip calculator genre, for 
the most part, with a front end 
for Bank of America's online 
banking service as the sole tool 
from a company I had heard of. 

Although the App Store's 
collection of software might 
help me choose my next bank, 
the early viewing tells me that 
it's deja vu all over again. This 
isn't much better than the col- 
lection of applications I've been 
able to get from my smart- 
phone's maker and my carrier 
since 2005. 

Maybe there are killer apps 
for the handset out there near- 
ing release. All I know is that if I 
walk into an Apple store in the 
next couple of months, I won't 
be walking out with an iPhone. I 



gy," said Mark Driver, research 
vice president at Gartner. "We 
never saw their technology 
being a problem; their demise 
was their execution to market." 
David Belhumeur, McCabe's 



CEO, said in a prepared state- 
ment, "Agitar has won a multi- 
tude of industry and technology 
awards over the years, and the 
company has a passionate follow- 
ing in the marketplace, particular- 



ly in agile development circles." 

McCabe's flagship products 
are McCabe IQ (tinyurl.com 
/51yzw5) and McCabe CM. On 
the one hand, they report on 
code complexity and quality; on 



the other, they manage and 
track the application life cycle. 

"[Agitar] had a good set of 
technologies that served a need 
early on in the QA process," said 
Driver. 

In his remarks, Belhumeur 
said that the companies' prod- 
ucts are complementary and not- 
ed they share many customers. I 




Seeing is befievrng - find out lor yourself how A ft ova U Model 40 2003 is the easy to use and cost-effective 
starting point for visual software development With UML. 
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Use case 



Sequence diagram 



Activity d I eg ram 



Class diagram 



* First UML tool to support the latest 
language! versions: C# 3.0, Visual Basic 9<0 

* Code engineering for most recent Java 6.0 
specification 

* Business process modeling 

■ Diagram layers that can be 
individually hidden or viewed 
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* Support for all 13 UML 2 A diagram types 

* Generate application code In Java, C#, and VB.NET 

* Synchronise model and code through round trip 
engineering 

* Model XML Schemas in UML 

* Model business processes in BPMN diagrams 

* Automated create customizable project 
documentation 

* Integrals iightly with Visual Studio* and Eclipse 

* Hyperlink diagrams, documents, and Web pages 

* Reverse engineer Java, C#, and VB.MET code 
and binary fifes 

* Model interchange via XMI 2.1 



UModel empowers you to design your applFcalion with support 
for all 13 UML 2.1 diagrams, plus a UML-style XML Schema 
diagram for XML data architectures in your project. General* 
code in Jaua, Cfr. or Visuaf Basic, Then enhance either Hie 
cod* or model, and synchronize with round-trip engineering. 
Or reverse-engineer an exiting application for visual analysis. 
UModel adapts to your development style - you can run it 
inside Visual Studio. Eclipse, or as a stand-atone tool. 

UMode4 makes visual software design practical for any project I 
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Test drive UModel for yourself - Download a free. 30-day trial at w ww.aUova.com 
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/n software 

While network communications and messaging are critical com- 
ponents of every modern software application, there is nothing 
glamorous or exciting about them. Rarely do end users ever see 
the networking components of a solution. In fact, the only time 
most end users witness communication code is typically in the 
form of error messages resulting from a connectivity problem. 

What you need is robust and reliable communications and, in 
the event of the inevitable connectivity issue, an expert support 
team to help get your integrated solution back on track. For 
more than a dozen years, /n software has specialized in just that, 
providing the tools, components and support critical to the suc- 
cessful integration of Internet communication, security and e- 
business connectivity. 

Eric Madriaga, vice president of marketing for /n soft- 
ware, explains that the company's Red Carpet Subscrip- 
tions provide a comprehensive suite of tools and 
components for connected development. 
Included is everything you need in one 
package, covering all the major proto- 
cols—from FTP to IMAP to SNMP, SSL 
and SSH security, S/MIME encryption, 





digital certificates, credit card processing, ZIP com- 
pression, instant messaging, shipping and tracking, 
and e-business (EDI) transactions. 

The Red Carpet Subscriptions contain no licensing restric- 
tions, so your developers can code on their work machines, 
notebooks or even at home. There are no technology restric- 
tions, so you get everything from .NET to COM, C++,Java, Pock- 
et PC, Unix, Linux, Mac OS X, BizTalk Adapters, SQL Server SSIS 
Tasks, PowerShell Cmdlets and more. 

World-class support is integral to the /n software experience, 
adds Madriaga. "Support is not just a part of our business; sup- 
port is our business.We act as a virtual extension of your team, 
helping you finish projects faster and within budget. Our cus- 
tomers don't just buy software; they also secure the ability to 
solve a problem at the present, together with assurances we'll be 
there in the future." 

/n software removes the burden of connectivity so you can 
focus on your business requirements and feel confident that you 
have a team ready to support you through any of your integra- 
tion challenges. Learn more at www.nsoftware.com. Q> 

<£) software 
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Sybase 



Data management is critical to successful enterprise business 
practices. No company knows that better than Sybase, named to 
the 2008 SD Times 100, which lists the software development 
industry's leaders and innovators. "We work hard to make some 
of the most reliable data management products in the market," 
says David Jonker, Sybase's database product marketing manager. 
"In fact, a recent survey of customers located in North America 
indicated that reliability and stability are the number one reasons 
they use Sybase Adaptive Server Enterprise (ASE), our mission- 
critical data management system." 

"Sybase has taken a fundamentally different approach to pro- 
viding data management solutions.We've built best-in-class data- 
bases optimized for specific uses, including extreme transactions, 
analytics, mobile and embedded environments," Jonker says. 
"Sybase designs each data management solution for fast, 
efficient performance in different environments and for 
specific uses. Customers can choose the best-fit 
technology to meet their requirements." 
Because of this flexibility, ASE is consistent- 
ly the database product of choice for 
some of the largest financial institutions 
in the world with critical trading and 
transaction systems. 





It's official: Sybase's IQ Analytics Server holds the 
Guinness World Record for the largest data ware- 
house, certified to support a record-breaking 
petabyte of mixed relational and unstructured data — which is 
more than 34 times bigger than the largest industry standard 
benchmark. And Sybase's SQL Anywhere powers the largest 
enterprise mobile database deployments, with companies syn- 
chronizing thousands of mobile databases. 

Even with those accomplishments, Sybase isn't content to rest 
on its laurels. "On the mission-critical online transaction-pro- 
cessing front, we just launched a shared-disk cluster implemen- 
tation of ASE," Jonker says. "It's the first shared-disk cluster 
implementation to include virtualization technology, which 
greatly simplifies implementation and maintenance. We have five 
patents pending around this technology. On the other end of the 
spectrum, we just released the first enterprise-class relational 
database and synchronization solution for Blackberry devices. 
And, SQL Anywhere was the first database in the market to 
announce support for the .NET entity Framework in June." 

Learn more about the Sybase portfolio of data management 
solutions at www.sybase.com/datamanagement. Q) 
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Wind River unveils test automation framework 

Distributed tester will work with Linux and VxWorks and be integrated with Workbench 



BY P.J. CONNOLLY 

Testing is rarely fun and often 
monotonous. But to ensure that 
a test effort is checking the 
right things, one must be 
increasingly detail-focused, and 
considering the use of test 
automation tools is one way to 
sharpen that focus. 

Wind River Systems sees 
test automation as an invaluable 
part of its software environ- 
ment, and in the hopes of 
spurring its adoption, last 
month launched Wind River 
Test Management, a distributed 
testing framework. 

The company expects to 
release Test Management by 
the end of September in a pack- 
age that includes planning facil- 
ities, a test execution frame- 
work and automatic data 
collection. Pricing for Test 
Management was not disclosed. 

Wind River said in the 
framework s announcement that 
it would offer the Test Manage- 
ment features as an integration 
with the Eclipse-based Wind 
River Workbench, with the aim 



of supporting devices that run 
the company's Linux runtime 
platform as well as the VxWorks 
real-time operating system. 

Wind River is jumping on the 
test automation bandwagon as 
the market expands; figures 
from researchers at Venture 
Development indicate that the 
market for test automation was 
expected to grow by 12% annu- 
ally between 2006 and 2009. A 
combination of factors are at 
play, according to Venture 
Development: The adoption of 
multicore processors and in- 
creasingly complex system de- 
signs is met on the user side of 
the equation by expanding con- 
sumer expectation and growing 
time-to-market pressures. 

As Chris Rommel, an analyst 
with Venture Development, 
explained in a prepared state- 
ment: "The demands for in- 
creased functionality are dri- 
ving the volume and complexity 
of code that needs to be devel- 
oped and tested, which is 
adding more pressure to budget 
constraints and shrinking prod- 



uct development cycles." 

A recent survey of embedded 
systems developers conducted 
by VDC found that those who 
have adopted test automation 
say that a greater percentage of 
their projects were completed 
on or ahead of deadline, com- 
pared with coders who lack 
automated test efforts. 

Wind River Test Manage- 



ment will also include a diag- 
nostic interface intended to 
allow test and development 
engineers to reduce the 
chance of project holdups by 
shortening the time to resolve 
defects. The company said 
that the figures measuring 
performance and covering 
dynamic code are collected 
without having to install spe- 



cial test harnesses or build 
special versions of software 
under test. Test Management 
will also include collaboration 
tools under the name of Virtu- 
al Lab Management, which 
will help development and QA 
teams manage test boards and 
share access to them, and 
assist in the provisioning of 
new software builds. I 



Purple Labs buys Openwave's client business 



BY P.J. CONNOLLY 

A supplier of Linux technology 
for mass-market 3G mobile 
phones has expanded its busi- 
ness by purchasing the client 
offerings of a developer of per- 
sonalized mobile services. 

Purple Labs and Openwave 
Systems have reached an agree- 
ment that calls for Openwave to 
hand over its client business 
and related handset manufac- 
turer relationships to Purple in 
exchange for US$30 million in 
cash; warrants to buy 2% of 
Purple Labs' common stock; 



and, if certain conditions are 
met, another $2 million. 

In addition, Openwave will 
provide services to Purple for a 
period as long as six months 
and will be responsible for the 
first $2 million of transition ser- 
vice costs. 

Purple Labs CEO Simon 
Wilkinson said as part of the 
announcement that "by acquir- 
ing this portfolio and the Open- 
wave client team, Purple Labs 
becomes a global leader in 
mobile software, powering both 
traditional and Linux-based 



mass-market phones." 

Openwave's interim CEO, 
Bruce Coleman, explained in a 
prepared statement that the 
company wants to refocus away 
from handsets to its network- 
based offerings. 

Purple Labs is based in 
Chambery (Savoie), France, 
and is funded by three Euro- 
pean venture capital firms: 
Earlybird Venture Capital, 
Partners Group and Sofinnova 
Partners. Openwave has its 
headquarters in Redwood 
City, Calif. I 
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a bad bug, says Phyllis Schneck, vice president of research integration at 
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Secure Computing Corp. 

"It's no longer like the old days, when I was reviewing FAA code and we 
just had to be sure the application worked," notes Schneck, former chair- 
man of the national board of FBI InfraGard, a public-private infrastructure 
protection partnership. "Nowadays, everyone is equally worried about secu- 
l^li rity defects, particularly as software continued on page 40 ► 
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Highassurance apps haue zero tolerance 



< continued from page 39 

code runs more and more of our 
infrastructure." 

As risks have increased, tra- 
ditional bug-finding tools have 
risen to meet new security chal- 
lenges. This is particularly true 
with static analysis testers, 
which can scream through a 
million lines of code in 90 min- 
utes and tell developers not only 
what is wrong with the code, but 
also explain the security risk and 
the fix, and track repairs. 

"Once a developer starts 
using static analysis tools, that 
developer won't be able to 
imagine life without them," says 
Theresa Lanowitz, founder and 
CEO of analyst firm Voke 
(www.vokestrearn.com). "As a 
result of using the tools, coding 
gets better over time, and they 
save money by making the 
repairs before the code goes 
into release, instead of finding 
them after." 

Despite such enthusiasm, 
today's static analysis tools 
aren't perfect. They rely on a 
database of known "signatures" 
of security- related bugs, so they 
are prone to the same false pos- 
itive vs. false negative trade-off 
you would see in other signa- 
ture-based technologies, such 
as intrusion detection. Nor are 
they a replacement for dynamic 
testing, also known as vulnera- 



bility analysis of an active appli- 
cation, and so many vendor 
offerings consist of both static 
and dynamic testing options. 

The other issue is that tools 
are all over the map — command 
line freeware, system-based 
tools (such as Microsoft's Static 
Driver Verifier, which looks at 
drivers) and commercial tools 
that cover specific languages 
and platforms to varying de- 
grees. In addition, there are ser- 
vices like Citigal (with 100 
employees using a variety of 
analysis tools) and Veracode, 
which is a service that scans 
binary output rather than 
source code. Most other static 
analysis tools can scan the latter. 

Meanwhile, the tools are 
undergoing an identity crisis of 
their own. For example, Adam 
Shapiro, Microsoft's senior pro- 
gram manager for static analy- 
sis, is emphatic that Microsoft's 
offerings are not security tools; 
they are "quality" tools. Mean- 
while, there is a whole move- 
ment of scientists and profes- 
sionals who are just as emphatic 
that static analysis testing is as 
much about security as it is 
about quality. 

"MITRE has a list of 550 
things that can go wrong with 
code. At least half of those bugs 
are security- related," says Paul 
Black, who's overseeing the 



Software Assurance Metrics and 
Tool Evaluation (SAM ATE, 
samate.nist.gov/index.php/Main 
_Page), under NIST ITL (Infor- 
mation Technology Laboratory, 
www.itl.nist.gov). "Static analy- 
sis can catch these security bugs 
through libraries of known vul- 
nerabilities and by making pre- 
defined assumptions about how 
these bugs will interact from a 
security perspective." 

AT THE SOURCE 

To prove that using static analy- 
sis tools can improve overall 
application security, one need 
only look at benchmark results 
produced on SAMBA, the 
open- source Windows -Unix in- 
teroperability effort. 

Two years ago, Coverity, a 
leading commercial provider 
of static analysis tools for C, 
C++ and Java, offered up a 
free scanning Web site for 
SAMBA's developers, which 
led to the immediate discovery 
and repair of 216 defects in the 
first nine days. 

Since then, developers have 
fixed 8,500 security defects, and 
the overall security of codebase 
has improved from 0.3 bug per 
thousand lines of code to 0.025 
per thousand. That figure seems 
inconsequential until you real- 
ize that it implies there are still 
18 or 19 holes in the project's 
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When it comes to features and coverage, these select static analyzers run the gamut. 



'Source and binary analysis are 
much more similar than they 
are different. ... We're trying 
to tackle the same set of bugs.' 

—Chris Wysopal, founding CTOat Veracode 



At 

750,000 lines of code at any 
moment. It's even more conse- 
quential when considering 
much larger applications with 
lines in the tens of millions. 

Jeremy Allison, one of two 
SAMBA developers assigned to 
fix the bugs found by Coverity, 
says that Coverity scans the 
team's applications every other 
day, because contributing devel- 
opers are constantly changing 
the codebase. Coverity catches 
bugs with every code change, he 
adds, albeit there are fewer as 
developers change their ways. 

"The report output drills 
down and gives us a category of 
a bug like a null pointer indi- 
rection. It tells you, 'Here you 
made this call,' and, 'Here you 
indirect it,' " he says. "After a 
while of using it, you get to 
know the kind of things it looks 
for, and your code gets better." 

Learning how to avoid com- 
mon mistakes is a huge benefit 
of static analysis tools, says Gary 
McGraw, CTO of Citigal and 
author of two books on secure 
software development by Addi- 
son-Wesley. 

That learning, he says, 
comes in three forms: "Educa- 
tion in the use of the tools and 
rules themselves, education in 
the security risk of the bug 
found, and education in best 
practices on how to write 
secure code. That's a huge dif- 
ference from most security 
tools, which just point out you 
have a problem over here 
somewhere," McGraw notes. 

According to Tarek Nabhan, 
products division manager for 
Egypt-based software services 
firm ITWorx, the education 
chain works like this: In one 
place, developers see the bug, 
the line of code, its interdepen- 
dencies with calls and func- 
tions, the fix, and what they've 
been learning about coding best 
practices. 

"As a result, my people know 
more about good coding tech- 
niques, and the quality of code 




is improving," says Nabhan, 
whose organization has 100 of 
its 700 developers trained on 
Ounce Labs' Ounce5 static ana- 
lyzer, with plans to train the rest 
over time. 

AT BINARY STAGE 

Unlike most static analysis tools, 
which test source code at com- 
pile time, Veracode SDLC looks 
at code after it's been compiled, 
by doing binary scans. The same 
cannot be done in C and C+ + 
environments, many people 
assert, because machine code is 
too abstract from which to gath- 
er sufficient security data. 

Chris Wysopal, founding 
CTO at Veracode, says one can 
enhance binary output to test it 
as or more thoroughly than 
source. And even if it is tested as 
source, he adds, unanticipated 
interactions with compilers can 
cause vulnerabilities that don't 
show up until after it's compiled. 

As an example, he points to a 
case in which the password was 
not getting zeroed out because 
of a compiler bug, something 
that could be discovered only by 
inspecting the binary. The bug 
exposed a secret to unlocking 
full privileges to a Windows 
application and, ultimately, the 
underlying system. 

"Source and binary analysis 
are much more similar than 
they are different," he says. 
"We're trying to solve the same 
problems, tackling the same set 
of bugs. Both are statically ana- 
lyzing the application code, one 
before and the other after it's 
compiled." 

MARKET MADNESS 

Static binary, static source, 
dynamic testing: It all goes to 
show there is no single correct 
way to statically analyze a com- 
plex codebase. As vendors react 
to specific problems, they cover 
some bases, but none cover all 
the things that could go wrong 
and lead to compromise. 

Take, for example, a June 



www.sdtimes.com 



. Software Development Times . August 1 r 2008 . 



SPECIAL REPORT 41 



for bugs 

SAMATE meeting of NIST 
computer scientists, where 
teams ran eight tools and the 
Veracode service against three 
Java and three C programs con- 
sisting of 50,000 to 100,000 lines 
of code apiece (for full list and 
tests, visit tinvurl.com/5phk78). 
There was little to no overlap in 
the tools coverage, according to 
an internal memo written by 
Black. Each tool found different 
bugs that the others were not 
catching. 

Results also showed that 
reporting mechanisms would 
sometimes produce multiple 
repeat reports for a single bug, 
One example involved not tak- 
ing into consideration things 
like the combination of source 
and sink. They did, however, 
pass with flying colors in the 
education aspect of telling 
developers the security conse- 
quences of the bugs they find. 

Like repeats, false positives 
are problems for static analyzers 
because they simply can't be 
tuned to anticipate every com- 
plex association and innuendo in 
the code, says Brian Chess, co- 



STATIC ANALYZERS CAN SPOT THESE SECURITY BUGS 



• Cross-site scripting: Causes the browser to execute arbi- 
trary client-side scripting code, hijacking the user's session 
and allowing an attacker to phish for account/financial 
information. 

• Injection flaws: Improperly validated data passing 
through the interpreter can "confuse" it and open the 
way for malicious code to be injected into the interpreter. 

• Buffer overflows: Mostly a C and C++ problem due to lack 
of memory, buffer overflows are similar to injection attacks; 
in this case, an attacker sends commands with too many 
characters and takes over the system, with full privileges. 

• Insecure direct object reference: Intentional or uninten- 
tional access to internal object handlers exposes data. 

• Information leakage and improper error handling: 

Overly helpful error messages cough up too much informa- 
tion about a system-version, system type, error type, etc- 
giving an attacker more knowledge to launch exploits. 

• Resource leak: When programs leak memory, the OS may 
terminate them for exceeding prescribed limits, affecting 
other programs. An attacker then can exploit the remain- 
ing processes, in much the same way as a buffer overflow. 



• Unintentional ignored expressions: When expressions 
are ignored, code is unreachable and cannot perform need- 
ed action. For example, a bug discovered by a Coverity cus- 
tomer, in which a missing parenthesis kept a single routine 
from executing, turned out to be the worst exploit that com- 
pany had seen in five years, according to Ben Chelf, found- 
ing CTO at Coverity. 

• Null pointer de-reference: Invalid values assigned be- 
tween operations lead to a hard crash, the most frequent 
cause of Windows' Blue Screen of Death. 

• Web services: Malicious code can be injected into Web 
services entry points. Static analyzers include rule wiz- 
ards and data APIs that perform cross-service analysis 
and identification of Web services entry points. 

• Custom cookies/hidden fields: An attacker can view 
the underlying HTTP response payload by seeing the 
source code of a Web page, or by using proxies to find 
hidden files and cookies and then modifying values, to 
try to break developers' assumptions and gain control of 
the application. 

Sources: Coverity, Ounce Labs 



author of "Secure Programming 
with Static Analysis" and found- 
ing chief scientist at Fortify For 
example, Coverity — which sets 
the standard for the lowest rate 
of false positives, according to 
analysts — averages 13%. 

False negatives are also prob- 
lematic, he adds, pointing to a 
bug he examined in late June 



that compared the variable read 
from a Web page to a program 
string that converted input into 
all capital letters. That may not 
seem like a problem, he ex- 
plains, but if that application 
runs on a server in Turkey, it 
would be vulnerable to an input 
injection attack. That's because 
in Turkish, lowercase letters 



don't map to uppercase letters 
the same way they do in English. 
For most tools, rules can be 
tweaked as false positives arise. 
However, in some cases, devel- 
opment organizations find it eas- 
ier to change the way they code. 
That was the case not long ago, 
when the SAMBA group kept 
getting false positives on code 



developed by a "particularly 
clever" coder, Allison says. He 
adds, "I found it easier to rewrite 
the clever parts of the code that 
were tripping Coverity up." 

For reasons like those, static 
analysis tools for now are only 
seeing general acceptance in 
military, financial, critical soft- 
ware and other high-assurance 
environments, according to ana- 
lysts. For example, Gramma- 
Tech is making inroads into 
healthcare, with its C and C+ + 
analysis tool working on a large 
number of medical and other 
embedded systems, including 
Symbian. In addition, the com- 
pany has a DARPA contract to 
develop static analysis for multi- 
core systems, an area in which 
Coverity is already strong, 
according to Lanowitz of Voke. 

"When you're looking at 
multiprocessor technology 
pulling from all these applica- 
tions, there are so many things 
that can go wrong from a securi- 
ty perspective. Applications may 
not close sufficiently, memory 
allocations may be too small, 
deadlocks in the security chain," 
Lanowitz says. "This type of for- 
ward thinking in the market is 
helping us solve new problems 
before they become too large." I 
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Klocuuork 

Bug-free code is the goal of every good developer. Analyzing 
the code early in the development process keeps bugs out of 
the code stream, saving a lot of time and effort later. Now, 
developers can accurately analyze code right from the desk- 
top with Klocwork, named to the 2008 SD Times 1 00, the 
industry's annual listing of leaders and innovators in software 
development. 

The solution: Klocwork Insight. "We want developers to be 
as successful as they can be," says Gwyn Fisher, Klocwork's 
CTO. "Other vendors focus on analysis further down the life 
cycle, but the analysis we deliver on the desktop is just as 
accurate and high-value as analysis that competing vendors 
can only provide downstream." 

With its patent-pending Connected Desktop Analy- 
sis, Klocwork provides integrated static analysis right 
at the desktop. With Insight, development 
teams have a robust analysis solution for 
collaborating on bug remediation so that 
everyone on the team has the most up- 
to-date information on the progress 
of bug elimination. This ensures that 




developers' efforts aren't duplicated and bugs are 
eliminated before check-in, protecting the main 
code stream from exposure to any new bugs. 

"With Insight, developers are given accurate, actionable 
information they need about the quality and security of the 
code they are creating," Fisher explains, adding that the soft- 
ware integrates with desktop and system build environments 
to enable static source code analysis and opens that analysis 
to all team members. As a result, many eyes are brought to 
the process of bug elimination, allowing quality assurance to 
focus on functional issues. 

Another powerful benefit of Insight is breadth of coverage. 
"We cover bug and security vulnerability detection; architec- 
ture analysis; and software metrics in C, C++ and Java," Fish- 
er says. "We enable developers to generate really high-quality 
code. The bottom line is: Don't check in code that doesn't 
work." 

Those are just a few of the ways that Insight reduces time- 
to-market — and it's this practical approach that helps Kloc- 
work differentiate itself from competitors. ® 

Klocwork 
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FROM THE EDITORS 

Eschewing XML? 

The Extensible Markup Language isn't perfect. Yes, it's flexible, which 
makes it great for server-to-server communications. But XML is also 
verbose and fragile. Transmitting complex XML data can take a lot of 
bandwidth. Processing complex XML data requires a lot of processing 
power and memory. That's why XML is not ideal for server-client com- 
munications, particularly when you're dealing with rich AJAX applica- 
tions or mobile/wireless devices. 

What's the answer? Well, we're not sure — but we're encouraged that 
companies like Google are studying the problem. 

Google's approach with Protocol Buffers is to create a binary interface 
definition language that can be compiled by a server, transmitted to the 
client, and then interpreted locally, using much less bandwidth and client 
processing power than standard XML. The numbers that Google claims 
are indeed impressive. 

That's certainly a step in the right direction. However, we are uneasy 
watching Google go it alone. Sure, Google is a market behemoth, and 
whatever it does will have far-reaching implications. But the benefit of 
XML is its universality. If Google succeeds with Protocol Buffers, one 
could expect notoriously "not invented here" companies like Apple, 
Microsoft or Sun to develop their own incompatible binary XML for- 
mats. Inviting companies such as Adobe, IBM and Nokia to the party 
would be good as well. 

We would encourage Google and the other industry players to collab- 
orate on building an open common binary XML format, which would 
encapsulate not just binary compression but also IDL-style preparsing to 
simplify the remote computing load. 

A tall order? Yes. Getting the players together to solve a common 
problem won't be easy. Collaboration isn't what those companies do best. 
When you have Microsoft, Sun, Apple and Google all involved in stream- 
ing tons of rich information across the Internet to mobile devices, it will 
be hard to find a table big enough to contain not only technical docu- 
mentation but also those players' oversized egos. 

Yet, that's what must happen. The last thing anybody needs is a uni- 
lateral protocol stack. 

Add APIs to Windows 7? Bad idea 

Windows needs new APIs about as much as televised sports need 
more commercials. For years now, we've heard from Microsoft 
about how the future of software lies in managed code, but it seems that 
the company exempts itself from that vision, in a fashion that only the 
word "hypocrisy" adequately describes. 

That's the most reasonable conclusion one can reach, given that the 
next version of Windows is understood to have new capabilities that mir- 
ror the features of Windows Communication Foundation and .NET 
Framework 3.5, but in an unmanaged, API-presented form. 

The idea for Windows 7 and future releases of the OS should be to 
reduce the dependency on unmanaged code, instead of adding more 
gunk to what is already a hairball of truly monstrous proportions. We'd 
much rather see a commitment to allowing only managed code in a Win- 
dows 8 or 9 than consider the prospect of what else can be added to the 
spaghetti that is the Windows codebase today. 

One would think that after the howls of derision directed at Windows 
Vista, Microsoft would have learned a lesson about how applying lipstick 
to a pig doesn't make it any prettier. If anything, doing so creates an even 
bigger mess. 

Unfortunately, like a Third World dictatorship, Microsoft seems inca- 
pable of learning from the past. The only good news is that at least 
nobody will starve or have his or her dignity assaulted. But it makes one 
ask how the company intends to advance the cause of managed code 
when it is undermining that effort at the same time. I 



The Oracle-BEA tango 



Integration Watch 



In early July, Oracle rolled through a 
series of briefings to announce the com- 
pany's road map for the applications and 
tools it acquired from BE A. For BE A cus- 
tomers, those announcements had to be a 
major relief: Oracle stated that it would 
maintain all major BEA products and that 
there would be no forced migrations to 
equivalent offerings in other Oracle prod- 
uct lines. 

The tools-related road 
map, particularly for develop- 
ment tools, likewise con- 
tained good news for users of 
products from either vendor. 
Let's examine what Oracle 
will be doing. 

One key issue that the 
company had to resolve was 
the question of Java IDEs. 
For years, Oracle has been 
committed to its IDE, called JDeveloper. 
I covered this product in depth in my 
Dec. 15 column ("Free as in IDE," page 
41). It is an excellent development envi- 
ronment, especially for enterprise Java, 
but it is closed source (though free) and 
based on a proprietary framework. (The 
framework, curiously, was licensed from 
Borland and was based on that compa- 
ny's original JBuilder. Eventually, Oracle 
rewrote all of the code in the framework, 
and it is now a wholly customized, pro- 
prietary IDE.) 

During the same time frame, BEA 
developed Web Logic Workshop. This 
product, conceived as a Web services 
design and implementation IDE, has 
morphed over the years into a Java 
development product that was greatly 
improved by BE As acquisition of M 7 in 
2005. Eventually, Workshop migrated to 
Eclipse, though it remained a closed- 
source, commercial product. 

Oracle announced that it will be main- 
taining Web Logic Workshop as a separate 
product, but the company will also make 
it available at no cost. Said Duncan Mills, 
product manager for Oracle FusionWare, 
"There's little or no money to be made in 
developer tools. We use dev tools to intro- 
duce people to our technologies." 

This is unalloyed good news, as the 
BEA Workshop product had some 
unique components, such as AppXRay, 
which made understanding Java applica- 
tions much easier. Oracle was vague on 
when the free version of Workshop 
would become available, but it implied 
that it would be before year's end. The 
exact feature sets (there are three ver- 
sions of Workshop with slightly different 
capabilities) were also not disclosed. 

Meanwhile, JDeveloper will remain 
the principal Java IDE from Oracle. At 
first, it might seem unusual to have 
acquired a well-regarded Eclipse-based 
product and still consecrate primary 
importance to a proprietary IDE. But 
there are good reasons for the choice. 




First, Oracle has put tremendous 
financial resources behind JDeveloper. 
And that investment continues unabat- 
ed. One motivation for it is that it enables 
Oracle to add the features of its choice 
without having to go through community 
approval processes and other delays asso- 
ciated with open-source projects. Those 
factors could change the general direc- 
tion of the proposed features. 
This strategy is identical to 
that followed by the other two 
major Java vendors: IBM with 
Rational tools and Sun with 
NetBeans. In the past, Sun has 
commented on its preference 
to keep control of NetBeans in 
house for almost exactly the 
same reason — it can quickly 
add features whenever it 
would like to. And IBM, of 
course, simply adds features that it would 
like to the Eclipse base. 

Each player has an IDE that it can 
control and shape as it wishes. In the 
case of IBM, though, the base IDE is 
controlled by the Eclipse Foundation, 
though, even today, IBM still represents 
the major contributor of engineering tal- 
ent to that base. Essentially, all the 
major Java vendors recognize a strategic 
value in providing top Java development 
tools — even if most of them are given 
away free. 

Eclipse developers, however, are not 
without support from Oracle. The com- 
pany is currently assembling an Eclipse 
bundle of technologies specifically 
aimed at enterprise development. The 
product, called Oracle Enterprise Pack 
for Eclipse, will include tools for Java 
Server Faces, which is a favorite Oracle 
technology; Spring; Struts; Web Ser- 
vices; XML; and, of course, database 
development. Per Duncan Mills, this 
product is expected to ship by year's end. 
This enterprise pack is not intended to 
compete with JDeveloper. It does not 
have some of JDeveloper's features, such 
as modeling and the extensive JSE sup- 
port. Nor is it a subtle way of communi- 
cating that Oracle will eventually migrate 
to Eclipse. Rather, it's a toolset for Eclipse 
developers who came over from BEA and 
who could benefit by having additional 
tools for enterprise development. 

Larger questions remain about 
upstream development products. For 
example, whose ESB will be used ulti- 
mately in Oracle middleware: its existing 
product or the one currently found in 
BEA Aqualogic? The July announce- 
ments lay out a parallel path for both 
products, but eventually only one will be 
chosen. However, those details will be 
revealed at a later date. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works. Read his hlog at 
hinstock.hlogspot. com. 
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The pitfalls of PaaS 



The news that search and ad revenue 
monster Google has decided to unfurl 
yet another tentacle, this time to grab a 
chunk of the application development 
platform world, comes as no surprise. 

Platform as a Service (PaaS) is an 
attractive, exciting, rapidly evolving exten- 
sion of Software as a Service (SaaS) appli- 
cation delivery that, if used intelligently, 
could support a full end-to-end 
hosting and managed service 
environment for Web applica- 
tions. PaaS gives developers a 
break from worrying about the 
costs and other overhead of 
managing complicated infra- 
structure and leaves them with 
the peace of mind that a pre- 
configured environment offers 
to focus on building apps. 

What is surprising is that 
Google would so flagrantly try to lock in a 
captive user community with such a clum- 
sy PaaS offering. At first glance, Google 
App Engine seems an enticing proposi- 
tion for independent application develop- 
ers. After all, Google is a well known and 
widely respected brand in other technolo- 
gy spheres. It could make sense to buy 
into the same systems that power Google's 
own applications. On the face of it, the 
company is offering a fully integrated 
application environment for free. What's 
not to like? Well, quite a lot, if you ask me. 

The basic idea behind PaaS is to pro- 
vide a physical place for Web application 
deployment, delivery and continuing 
management without making developers 
download, install and configure software 
on hosting servers. Rather than thinking 
about machines that need configuring, 
servers and databases become simply 
connected places that make it all work. 

PaaS must be reliable, fast, secure, 
managed and capable of running Web 
applications successfully in diverse mod- 
ern environments. A true PaaS isn't just 
software, or even a collection of power- 
ful software and hardware; it's also about 
a bunch of driven humans working to 
ensure the platform performs and re- 
sponds elegantly to any problems. 

Sadly, it appears Google may be at the 
forefront of companies looking to use 
PaaS to create their own ecosystems, 
which lock in users for their own purpos- 
es. Superficially, they are providing a cool 
environment in which people can code, 
but drawbacks arise because of how pro- 
prietary these environments are. 

If a PaaS forces its members to use 
non-standard APIs, vendor-specific li- 
braries, unique account management tools 
and more, users quickly become locked 
into that environment and have few 
options as a developer. Instead of enjoying 
flexibility and autonomy, previously inde- 
pendent developers would be forced to 
create business models shaped by the 
ecosystem of the platform they signed up 



David Abramowski 




to and will, by definition, also be subject to 
third-party business constraints. 

Currently, developing an application 
to run on Google App Engine will 
require developers to build their appli- 
cation specifically to that platform, 
instead of creating applications that 
adhere only to industry standards and 
enjoy portability and flexibility between 
platforms. Sure, Google sub- 
scribers will get to take part 
in an ecosystem that un- 
doubtedly will prove as vi- 
brant as any developer com- 
munity, but is being forced 
into an unwanted and unnec- 
essary business model a rea- 
sonable price to pay? 

At least Google is being 
reasonably upfront about the 
situation in some ways, ac- 
knowledging its use of Python and invit- 
ing feedback through a beta program. 
But the company's cursory dance with 
open source creates conflict. If you take 
Python and layer proprietary technology 
on top of it, should it still be considered 
open source? Surely, the only genuine 
route would be to take standard open- 
source components transparently and use 
them across the environment. Google's 
approach leaves no room for developers 
to take previously created applications 
and drop them into the platform. 

It's hard to regard Google's standpoint 
as anything short of self-promoting. 
Effectively, the message to developers is: 
If you want to take part in this big ecosys- 
tem and become a cog in this global 
brand, you must play our game and use 
our toys. What repercussions will this 
have from a commercial angle once 
Google App Engine finishes its beta? 
Who would be the biggest beneficiary? 
What developers really want from a 



PaaS is independence, the ability to cre- 
ate an app, deploy it, gain the benefits of 
an active ecosystem and retain develop- 
ment access and flexibility. The owner of 
that platform will still gain revenue 
through a long tail stream once apps are 
deployed and generating revenue, if it is 
built properly and for the right reasons. 
Sadly, a locked-in model often just wants 
application volume to drive other forms 
of revenue, notably from advertising. 

Developers are already listing griev- 
ances against proprietary PaaS models. 
They don't want to be locked in to inflexi- 
ble APIs, libraries and non-standard ver- 
sions of programming languages. They 
know through experience to be wary of 
non-standard databases that make it diffi- 
cult to move their data around and natu- 
rally look for open relational databases, 
such as MySQL. Working within a big 
proprietary system removes developers' 
ability to maintain their own environment. 

A well-intentioned PaaS would allow 
apps to be scaled as required, unlocking 
enough power and resources. It would 
support multiple development languages 
and always be looking for more. It would 
be truly scalable, open and would avoid 
any route that could lead to vendor lock- 
in. From a developer's viewpoint, it is 
hard to see any technical advantage to a 
proprietary PaaS, such as Google App 
Engine. Are branding and reach of suffi- 
cient benefit compared with such a sig- 
nificant potential loss of freedom? 

In a modern online world that offers 
no structured service-level agreement or 
long-term contract, the only assurance of 
continued service levels, support and pric- 
ing levels even on the most open PaaS 
models is a 60-day period of notice. Why 
would developers choose actively to limit 
the usable life of their application by lock- 
ing them in to a proprietary world such as 
that proposed by Google? I 

David Abramowski is the CEO of 
Morph Labs. 



Despite some paper trails, 
quality efforts fall short 



DATA WATCH 



Fewer than three in 10 organizations use a 
test case management application, leaving 
many quality-assurance departments 
using manual systems that are poorly doc- 
umented, if at all, according to a survey by 
Seapine Software. Fully 18% of respon- 
dents perform ad hoc testing, another 16% 
document tests while they're in progress 
and 21% document their tests ahead of 
time on paper-based systems, Seapine 
said. Three out of four organizations either 
cannot analyze test failures or must rely 
on manual compilation of data. 

Seapine, which makes QA tools, bases 
its figures on a survey of development and 
QA specialists; as of late June, nearly 
1,000 people had completed the survey. 



How do you track tests? 
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Failwhale vs. time-to-market 



Twitter, in case you haven't suc- 
cumbed, is a "microblogging" ser- 
vice. Here's how it works: You toss brief 
SMS-sized messages into the stream and, 
far more interestingly, you subscribe to 
the notification of friends, colleagues and 
"thought" leaders. It's the refined sugar 
of continual partial distraction: The 140- 
character limit is too terse for complex 
thoughts, and the constantly refreshing 
stream resembles a never-ending "copy 
all" e-mail chain. It's addictive. 

Unfortunately, too many people have 
become addicted too fast. Twitter over- 
loads seemingly every day. During over- 
load, the stream of messages is replaced 
by Failwhale, an image by Yiying Lu of a 
sleeping whale being lifted from the 
ocean by a handful of red doves (I 
guess). Failwhale has become an icon, 
complete with coffee mugs, Facebook 
page, fan club, kinetic sculptural trib- 
utes and T-shirts, all created, presum- 
ably, in lieu of tweeting, "Thinking about 
getting a haircut." 

Failwhale is a charming alternative to 
an HTTP 503 status code, but nonethe- 
less his appearance can be jarring to a 
software developer. Somewhere, an error 
console is overflowing, and thousands of 
messages are being lost. Twitter is a free 
service — at least for now — so Failwhale s 




"cost" is just some vast multiple of zero. 

Everyone expects Twitter to go com- 
mercial, probably with advertising and ad- 
free subscriptions, though. Meanwhile, 
other free microblogging services are out 
there, with Jaiku and Pownce perhaps the 
most popular alternatives. Don't the fre- 
quent surfacings of Failwhale bode poor- 
ly for the future of Twitter? 

Maybe not. In the dot-com 
boom, it was common to 
speak of "first-mover advan- 
tages." In the early aughts, 
there was a backlash, pointing 
at the smoking embers of 
those who had been launched 
into the stratosphere before 
they showed they could walk. 
Now, though, time-to-market 
seems to be ascending again. 

Tim Bray, distinguished engineer at 
Sun, put it this way on his blog: "If you 
and I have the same good idea for a com- 
munity-based Web site on the same day, 
and mine is on the air in five months and 
yours in eight, then you're dead. And it 
doesn't matter if yours is better, because 
the community has gathered." Bray even 
posits Twitter as the canonical example. 

While "community-based" qualifies 
Bray's assertion, Dan Ciruli goes further, 
approvingly quoting the overheard line, 
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"Designing your app to scale is guaran- 
teed failure — it will take too long to 
write." Ciruli is director of products at 
Digipede, developer of a top-notch grid 
computing solution for .NET, so he 
knows his way around scaling issues. Is it 
possible that scaling is like performance, 
in which the cardinal rule is to get correct 
behavior before optimizing 
for speed? 

By all accounts, Twitter has 
a band of great engineers 
working on scalability and is 
organized, refactoring its sys- 
tem while keeping it available, 
for the most part, to users. The 
willingness of engineers to do 
so is a sign of their compe- 
tence and confidence. 

However, I'm uncomfort- 
able with the idea of dealing with scaling 
only when it becomes a problem. While 
laissez-faire attitudes have come to dom- 
inate code and design approaches, I still 
resist the idea of abandoning upfront 
architectural work. To my possibly old- 
fashioned mind, software development is 
not wisely done "on call" ("Hey, the site's 
down. Can you restructure the database 
views? OK, thanks. Bye.") But I have to 
admit that this seems to be what more 
and more customers value. The prevail- 
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ing attitude is, "Get us something up 
now, even if we have to fix it later." 

I have a new client, experiencing 
500% annual growth and just going 
through 100,000 transactions per month. 
The folks there brought me in to take a 
look at their stability and scalability. 
When I contacted their development 
team, I discovered that not only did they 
lack a load-testing plan, but they also had 
no automated testing. They didn't even 
have production, staging and develop- 
ment deployments; the programmers 
develop on the live site. The first words 
from their IT guy when I asked about the 
deployment architecture were, "You 
aren't going to believe this ..." 

It's tempting to dismiss the compe- 
tence of the development team, but they 
have delivered. Whether I think software 
development ought to be done on call, 
they're willing enough to do so. When the 
site crashes, they apparently get the pro- 
grammers out of bed. The client loves 
them and seems dubious of my claim that 
they're approaching a breaking point that 
they won't be able to solve with a patch 
and a reboot. Perhaps I'm out of step. 
Maybe all they need is a cute 503 page. 

(You can follow me on Twitter at 
lobrien, and you can order Failwhale T- 
shirts at failwhale.com.) I 

Larry O'Brien is a technology consul- 
tant, analyst and writer Read his blog at 
www. knowing, net. 



► ► Don't Forget Your Documentation 



ComponentOne® Doc-To-Help® is the perfect choice for creating ™ 
innovative online user assistance. Author any type of information in 
Microsoft Word or HTML (or convert existing content) and publish online 
Help, Web content, or printed manuals. 



h Integrated toolbars in Microsoft Word 
and HTML editors allow you to author 
in the environment of your choice. 

► One click gives you browser-based 
Help, HTML Help, Java Help, Help 2.0, 
WinHelp, and/or manuals. 

► Industry exclusive Microsoft 
Sandcastle Plug-in for automated 
reference documentation. 



Visitwww.componentone.com/doctohelp 
to download your FREE TRIAL today. 



FREE Screen Recording Software 



The FREE ComponentOne DemoWorks® Community Edition empowers you to produce 
professional quality demonstration videos without multi-media expertise. Record any 
screen activity and produce videos in Flash, animated GIF, & AVI formats. Frame-by-frame 
editing makes "one take" demo creation a reality. For additional features, check out 
DemoWorks Professional Edition - available by itself or in a convenient Doc-To-Help bundle. 

Visit www.componentone.com/demoworks to download your FREE VERSION today. 



>'i 



Instantly Search Terabytes of Text 




♦ dozens of indexed, unindexed, fielded 
data and full-text search options 
(including Unicode support for hundreds 
of international languages) 

♦ file parsers / converters for 
hit-highlighted display of all popular 
file types 

♦ Spider supports static and dynamic web 
data; highlights hits while displaying 
links , formatting and images intact 

♦ API supports .NET, C++, Java, databases, 
etc. New .NET Spider API 



The Smart Choice for 
Text Retrieval® since 1991 



* 



Contact dtSearch for 
fully-functional evaluations 



♦ "Bottom line: dtSearch manages a 
terabyte of text in a single index 
and returns results in less than a 
second" - InfoWorld 

♦ "For combing through large 
amounts of data," dtSearch "leads 
the market" - Network Computing 

♦ dtSearch "covers all data sources ... 
powerful Web-based engines" 

- eWEEK 

♦ dtSearch "searches at blazing 
speeds" - Computer Reseller News 
Test Center 

See www.dtsearch.com for hundreds 
more reviews, and hundreds of 
developer case studies 



1-800-IT-FINDS • www.dtsearch.com 



www.sdtimes.com 



Software Development Times 



■ August 1, 2008 , 



COLUMNS 



45 



Selling SOA requires big-picture view 



Many organizations don't really have 
to sell SOA. They understand that 
the hype is the driver, so they leverage 
the thousands of articles and books on 
the topic to sell this architectural pat- 
tern. SOA is easy to sell if everyone else 
seems to be doing it, and there are plen- 
ty of smart people espousing its benefits. 

However, in most cases, SOA must 
be sold within the enterprise; it's not a 
slam-dunk. Indeed, if you were doing 
SOA right, you'd find that the cost 
quickly reaches well into the millions. As 
a result, you'd need executive approval 
for that kind of jump in spending. But 
the benefits are there as well, including 
agility, which could save the company 
many times the cost of building a SOA. 
At least that's the idea. 

Truth be told, technical folks are not 
good at selling the value of a single tech- 
nology or, in this case, a grouping of 
technologies, into the enterprise. Those 
people rely on the assumption that 
everyone sees the benefit without their 
having to explain it, but that is not always 
the case. Moreover, while the advantage 
often is clear, in the majority of cases it's 
not. Finally, there is a chance that SOA 
may not be a fit, and you had better fig- 
ure that out upfront. 

So, how do you sell SOA? Let's 



explore a few key concepts: 

• Shining a light on existing limitations 

• Building the business case 

• Creating the execution plan 

• Delivering the goods 

Shining a light on existing limita- 
tions is translated simply: Admit how 
bad things are. For most architects, that 
is difficult to do, because they 
expose themselves to criti- 
cism. In many instances, 
you're the person in charge of 
keeping things working cor- 
rectly. The architecture within 
most Global 2000 companies, 
however, is in need of fixing. 
You can't change the architec- 
tures; they are too complex 
and ill-planned. If your archi- 
tecture has issues — and they 
all do — now is the time to list them. 

This is analogous to admitting that 
you're 20 pounds overweight before 
going on a diet, or owning up to a sub- 
stance abuse problem before taking the 
famous 12 steps. In essence, you're 
defining your issues and, thus, have a 
clear understanding of the problem 
before trying to solve it. 

As you list the limitations, note also 
the impact on the business in both lost 
productivity and the concomitant money 




wasted. That will feed into the business 
case. 

Building the business case refers 
to the process of writing down numbers 
that attach a value of the SOA to the 
enterprise or business. This requires 
examining the existing issues (from the 
previous step) and putting dollar figures 
next to them. For instance, 
how much are those limita- 
tions costing the business, 
and how does that influence 
the bottom line? Then, how 
would the addition of SOA 
affect the business, positively 
or negatively? 

Attach numbers to the 
core values of reuse and agili- 
ty. You'd find that agility is the 
most difficult concept to 
define, but it has the most value for those 
who are building a SOA. Then, if the 
ROI for the SOA is worth the money and 
the effort, you move forward. This tactic 
communicates a clear set of objectives 
for the effort and links the technical 
notion of SOA with the business. 

The deliverable for this business case 
should be a spreadsheet of figures, a 
presentation for the executives, and a 
report for anyone who could not attend 
those meetings. Keep in mind you'll see 



this business case again, so be conserva- 
tive but accurate. 

Creating the execution plan refers 
to the detailed plan that defines what 
will be done, when, by what resources, 
and for how long. At its core, this is a 
project plan, but most people would find 
that the systemic nature of SOA requires 
that a great deal of resources work 
together to drive toward the result. 
Leveraging and managing those 
resources is complex, as is the project 
management aspect of SOA. 

Delivering the goods means just 
doing what you said you would do. 
Execution is where most SOA projects 
fall down. However, if you fail to deliv- 
er on time and on budget, chances are 
that your SOA efforts won't continue to 
have credibility within the enterprise, 
and future selling would be impossible. 
So, say what you'll do, and then do 
what you say. 

Selling SOA is more of an art form 
than a well-defined process. It requires 
understanding the big picture, includ- 
ing the technology, the business and the 
culture of the enterprise. More impor- 
tant, the sale needs to be followed up 
with delivering the value of the SOA. 
That's the tough part. What works so 
well in PowerPoint is a bit more difficult 
in real life. I 

Reach analyst David S. Linthicum at 
david@linthicumgroup . com. 
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SHORT TAKES 



I'M NOT SURE WHO COINED the 

phrase "second coming" to refer to the 
release of the iPhone 3G. But sadly for 
Apple, while the new smartphone hand- 
set may have delighted the million 
odd customers who were able to 
receive one, last months iPhone 
3G launch left a lot of potential 
customers bitter and angry (see 
Analysis, page 3). 

In some stores, including ones I 
visited on launch day, phones were sold 
out within an hour of opening, a clear sign 
that Apple misjudged the demand that its 
extensive marketing campaign would 
spark. From a company known for its 
marketing acumen, hand-written signs 
saying "NO MORE IPHONES" on 
AT&T store windows in the U.S. left a bad 
taste. A week later, AT&T can only say 
that the handsets are "back-ordered." 

Meanwhile, Apples decision to do a 
simultaneous iPhone 3G rollout in many 
countries, at the same time opening up its 
App Store and providing a downloadable 
firmware update for the original iPhone 
and for the iPod touch, was also a disaster. 
Customers reported difficulties in activat- 
ing their phones and installing the soft- 
ware upgrades. Many customers said that 
after the upgrade, their original iPhone 
handset didn't work for hours. 

And that's not all that Apple messed 
up on. Another part of the simultaneous 
launch was the revamping of its .Mac 
online service. The service, now named 
MobileMe, proved so buggy and unreli- 
able that Apple sent out an apology let- 
ter to its customers and is offering them 
a free month of service. 

Apple also acknowledged that its 
marketing, which used the word "push" 
to describe how MobileMe syncs the 
data on desktop Macintoshes and PCs 
with iPhones and iPod Touch devices, 



was misleading. Apple had implied that 
the data syncs were nearly instanta- 
neous. That is incorrect. 

While the MobileMe servers do push 
changes out to wireless devices, desk- 
^fc tops instead pull data during occa- 
sional sync sessions. That's not 
instantaneous, not at all. 

This isn't good, Apple. But 

f*Q *lPtc*lr there is an upside: The iPhone 

"^i i ■* 3G is already old news, so we can 

get back to talking about other things. I 

certainly intend to. — Alan Zeichick 

IF I LIVE TO BE A HUNDRED— and 

saints preserve me from that fate — I will 
never, ever, get the point of an e-book. 
No matter how sexy Amazon thinks it 
can make Kindle, there's zero chance of 
it replacing the yards of paper and paste- 
board that stretch through my flat. 

To be truthful, I turn to books when 
I've had enough of computers and tele- 
vision, and the last thing I need is yet 
another device that needs special care 
and constant recharges. 

Of course, e-books have other prob- 
lems. I wouldn't take a computer or a sim- 
ilar device to the beach or the park, 
because the lighting's rarely favorable. 
Then there's the matter of personal safety: 
Very few muggers are going to come up 
when one's toting a book and demand it, 
but some thug is likely to decide that 
whatever the funny gadget is, it can prob- 
ably be fenced for beer money. Finally, it's 
about bragging rights: If you tell someone 
you have 200 e-books in your reader, that's 
cool, but it doesn't compare to the appre- 
ciative whistle when someone lays their 
eyes on a library that can be measured in 
fractions of a furlong. — P.J. Connolly 




■ 



THE INDEPENDENT PROXY advisory 
firm ISS Governance Services recom- 
mended on July 11 that EDS sharehold- 
ers vote for the US$13.9 billion acquisi- 
tion of their company by Hew- 
lett-Packard. ISS studies proposed 
mergers and issues equivalent to the 
Good Housekeeping Seal of Approval. 

The deal also appears cool with the 
U.S. Department of Justice and the 
Federal Trade Commission, as a 30-day 
waiting period passed without a word of 
anti-trust concern from the Feds. All 
that was left at the time of this writing 
was a European Union review, expected 
by July 25, and a vote by EDS share- 
holders at a special meeting scheduled 
for July 31. 

HP's smooth-so-far sailing on the 
EDS buyout contrasts with the stormy 
$19 billion deal for Compaq Computer 
in 2002. HP director Walter Hewlett, 
son of co-founder Bill Hewlett, led the 
opposition to the deal and had hoped 
for an ISS thumbs-down to bolster his 
case. The ISS announcement endorsing 
the HP-Compaq deal was carried live 
on CNBC. — Robert Mullins 

AFTER SEEING A 24-INCH iMac on 
a trip to my local Apple store the other 
day, I decided to open up a SmartyPig 
savings account to put 
money aside to buy 
one. SmartyPig takes 
money out of my 
checking each month 
and offers a 4.3% interest rate. My last 
two machines were self-made, but I 
really don't feel like doing the research 
and assembling one this time around. 
The Mac's simplicity and elegance are 
almost reason enough to pay a premium, 
but my experiences with Mac OS X are 
what sold me. — David Worthinston 
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business Briefs 




Sun Microsystems laid off 1,000 employees in North America as 
part of a restructuring the company announced in May. At press 
time, it was believed Sun was looking to reduce its staff by between 
1,500 and 2,500 workers worldwide. Sun lost nearly US$34 million 
in the guarter that ended March 30, and preliminary results for the 
guarter ending June 30 were disappointing . . . Coverity acguired 
Solidware Technologies, a Colorado-based software readiness 
management company. Solidware products provide visibility into 
code and help ensure that software is ready to be released with 
data from multiple guality and security tools. Coverity officials said 
the deal would give customers a full view of the company's appli- 
cations while dealing with release reguirements . . . Application 
modernization and management company Micro Focus said it 
plans to acguire Liant Software, which makes products that help 
develop business information systems. The deal was valued at 
US$5 million. Micro Focus said that Liant's technology comple- 
ments its own, and it will help expand the company's portfolio of 
enterprise application management products . . . AMD will take a 
US$880 million writedown on the value of its handheld and digital 
TV units as part of the company's ATI Technologies acguisition in 



2006, the company said in a regulatory filing. AMD also expects to 
take $32 million in restructuring charges for employee severance 
and will record $36 million in impairment charges related to invest- 
ments in Flash memory chip maker Spansion. In July, AMD 
removed Hector Ruiz as CEO, replacing him with president/COO 
Dirk Meyer. 

EARNINGS: IBM announced second-guarter diluted earnings of 
US$1.98 per share, an increase of 28% from $1.55 in the second 
guarter of 2007. Net income for the guarter was $2.8 billion, up 
from $2.3 billion for the year-earlier guarter. Revenue for that peri- 
od was $26.8 billion, an increase of 13% from the year-ago guar- 
ter. . . . Informatica posted revenue for the second guarter of 
US$113.8 million, up 21% from $94.3 million in the second guarter 
of 2007. Net income totaled $11.5 million, or $0.12 per diluted 
share, up more than 9% from $10.5 million, or $0.11 per diluted 
share, in the year-ago guarter . . . CDC, a creator of enterprise 
software and new media, had anticipated revenue of between 
US$107.3 and $108.5 million for the second guarter, which would 
constitute an increase of 9% to 10% from the previous guarter. I 



events Calendar 



Black Hat USA 


August 2-7 


Las Vegas 




TECHWEB 




www.blackhat.com 




LinuxWorld 


August 4-7 


Conference & Expo 




San Francisco 




IDG WORLD EXPO 




www.linuxworldexpo.com 




Agile 2008 


August 4-8 


Toronto 




AGILE ALLIANCE 




agile2008.org 




ESRI International 


August 4-8 


User Conference 




San Diego 




ESRI 




www.esri.com/events/uc 




SHARE 2008 


August 10-15 


San Jose 




SHARE 




www.share.org 




ACM SIGGRAPH 


August 11-15 


Los Angeles 




ACM SIGGRAPG 




www.siggraph.org/events/s2008 





Intel Developer Forum August 19-21 

San Francisco 
INTEL 

www.intel.com/idf/index.htm 



Business of 
Software 2008 

Boston 

RED GATE SOFTWARE 

www.businessofsoftware.org 



September 3-4 



VSLive New York 

New York 
1105 MEDIA 

vslive.com/newyork 



September 7-10 



Interop New York 

New York 
TECHWEB 

www.interop.com 



September 15-19 



VMworld 2008 

Las Vegas 
VMWARE 

www.vmworld.com/conferences/2008 



September 16-18 



Web 2.0 Expo 

New York 
O'REILLY MEDIA 

en.oreilly.com/webexny2008 



September 16-19 



September 21-25 
Oracle OpenWorld 

San Francisco 
ORACLE 

www.oracle.com/openworld 



Software Test & September 24-26 
Performance Conference 

Boston 
BZ MEDIA 

www.stpcon.com 



BEAWorld 

San Francisco 
BEA SYSTEMS 

www.bea.com/beaworld 



October 6-8 



EclipseWorld 2008 

Reston, Va. 
BZ MEDIA 

www.eclipseworld.net 



October 28-30 



For a more complete calendar of U.S. software 
development events, see www.sdtimes.com/calendar. 
Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 
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Searching for the next step 
in your career? A new job? 
Just want a peek at 
what's out there? 

The SD Times Job Board 
instantly connects you to employers 
looking for someone just like you! 

The SD Times Job Board offers services, 
resources and a networking community 
for software development managers and 
professionals. In our NEW online Career Center 
you'll find a huge bank of job postings and 
resumes, career resources, coaching 
and advice services, and so much more! 



Post Your Resume Anonymously 

You can keep your identity secret, sending only 
your contact information to the employers whose 
opportunities you are interested in! 

Search Over 1,100 Software Development Job Postings 
Find a software development, testing; engineering or 
programming position today! 

Access a Library of Career-Related Articles and Resources 

We offer Career Coaching, Ask the Job Search Expert, 
and an entire library of career-advancement articles. 

BZ Media 



*« ^ Visit SDTiiiLe!^ colli to Biiid a 1 oh Near Youi 






www.sdtimes.com/content/sdjobboard.aspx 



r 










...ii ... 










^ 


s 


' 












?^^w 












' 










?pp 




































.1.1. 


PV 




-•-■x&;jig33BB&*t 


.,,. .. 








Wmmm 










IMJIihi 














DevTest Studio 



The integrated solution for delect tracking, test management and automated testing 



DevTrack 

Use DevTrack to track defects/issues 



• Track each issue through a definable 
workflow 

• SCM integration - track fixes against their 
source cods deliverables 

• Deploy a resolution across multiple 
releases, versions and products 

• Reporting and metrics to illustrate the 
entire detect iff ecycle 



DevTest 

Use DevTest to manage your testing 



Create a centra] repository for your test 
cases, knowledge items and automation 
scripts 

Schedule releases and test cycles using a 
wizard-driven interface 
Execute test assignments and submit 
defects from the same interface 
Track results with real-time dashboards 
and reports 



TestUnk 

Use Test Link to aula mate your testing 



Add automated tests to the DevTest 

test library 

Schedule automated tests along wild 

manual tests 

Launch automated tests tram the 

DevTest interface 

Track automation resuFts with 

real-time dashboards and reports 



TechExcel 

www.techexcel.com I 1-800-439-7782 



